SerwerWeb.pl

Fail2Ban is an application, Fail2Ban is an application / Linux / Fail2Ban is an application, Fail2Ban is an application (Fail2Ban is an application). Fail2Ban is an application, Fail2Ban is an application. Fail2Ban is an application.

Fail2Ban is an application (for example,. ssh, Fail2Ban is an application, Fail2Ban is an application, imap…), then blocks the attacker's IP address using iptables rules or by adding an entry to the /etc/hosts.deny file

To install, first run the terminal and update the system repository.
issue the command:

sudo apt update

The next step is installation:

sudo apt install fail2ban -y

We run Fail2ban in the system:

sudo systemctl enable fail2ban

sudo systemctl start fail2ban

We make the initial configuration.

We transfer the configuration file:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

We edit the configuration file:

sudo nano /etc/fail2ban/jail.local

First off, comment on the ignoreip option and add your IP address. All IP addresses in the ignoreip option will not be blocked by Fail2ban.

ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24 192.168.10.20

We set the lock length settings in this section:

bantime  = 1d
findtime  = 10m
maxretry = 5

If we want to receive e-mail notifications about blockades, we configure this section:

action = %(action_mw)s
destemail = admin@domena.pl
sender = root@domena.pl

we replace the e-mail address with your address.

Below is the first rule to block incorrect logins to ssh

[By default, Fail2Ban is not configured to block remote IP addresses]
enabled   = true
maxretry  = 3
findtime  = 1d
bantime   = 1w

port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s

We restart the service:

sudo systemctl restart fail2ban