#linux #server #homelab

Fail2Ban is a security tool that helps protect your server from brute-force and other attacks by monitoring log files and banning IP addresses that exhibit malicious behavior.

Installing and Configuring


  1. Install Fail2Ban:
    sudo apt install fail2ban
  2. Create a local configuration file:
    sudo touch /etc/fail2ban/jail.local
  3. Enable SSH protection:
       Edit the jail.local file and ensure the [sshd] section is enabled. Check out the Wiki: Fail2Ban and Docker
    [DEFAULT]
    chain = INPUT

    [sshd]
    enabled = true
    port = ssh
    # Adjust logpath for your distribution
    logpath = /var/log/auth.log
    maxretry = 5
    # chain = INPUT by default

    [pam-generic]
    enabled = true
    # chain = INPUT by default
  4. Restart Fail2Ban:
    sudo systemctl restart fail2ban
  5. Check active bans:
    sudo fail2ban-client status sshd
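
To show how `maxretry = 5` in the `[sshd]` jail above turns log lines into a ban, here is an added example (not Fail2Ban's own code and not part of the original note): a simplified Python model that counts failed sshd logins per IP inside a sliding time window. The `findtime` value of 600 seconds, the log regex, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY = 5      # from the [sshd] jail on this page
FINDTIME = 600    # seconds; assumed, the page does not set findtime

# Simplified pattern for sshd password failures (assumption: Fail2Ban's real
# sshd filter matches many more message variants than this).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def parse(line, year=2024):
    """Return (timestamp, ip) for a failed-login line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2)

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: time of ban} for IPs reaching maxretry failures in findtime."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    bans = {}
    for line in lines:
        hit = parse(line)
        if hit is None or hit[1] in bans:
            continue              # not a failure, or IP is already banned
        ts, ip = hit
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans

def sample_log():
    """Constructed auth.log lines (documentation IPs, not real data)."""
    fail = "Jan 12 {} srv sshd[811]: Failed password for {} from {} port 50022 ssh2"
    burst = [fail.format(f"10:00:{s:02d}", "root", "203.0.113.7")
             for s in (1, 9, 17, 25, 33)]
    slow = [fail.format(f"{h}:{m:02d}:00", "invalid user admin", "198.51.100.20")
            for h, m in ((11, 0), (11, 15), (11, 30), (11, 45), (12, 0))]
    ok = ["Jan 12 10:00:40 srv sshd[812]: Accepted publickey for ops from 192.0.2.10 port 50100 ssh2"]
    return burst + ok + slow
```

In this model the burst from 203.0.113.7 is banned on its fifth failure, while the five failures from 198.51.100.20 spaced 15 minutes apart never share a window, which is why the window length matters as much as `maxretry` when tuning a jail.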