Most server administrators use the Secure Shell Protocol (SSH) to connect to servers. While SSH is very robust and secure for data transfer, it does not protect your server against brute-force attacks by default. An attacker can attempt to access your server an unlimited number of times.
These attacks can slow the server down. Given enough time, the attacker can gain access to your server and hijack it. Securing a server against such attacks is essential on the internet.
This is where fail2ban comes into play. fail2ban helps prevent brute-force attacks by looking for authentication failures in a service's logs. If the failures meet certain conditions, fail2ban creates firewall rules to block the offending IP addresses, thus hindering the attack.
How to install fail2ban?
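Installing fail2ban is as simple as typing the following commands in the Linux terminal.
On Debian or Ubuntu (apt):
sudo apt update
sudo apt install fail2ban
On CentOS or RHEL (yum), where fail2ban comes from the EPEL repository:
sudo yum update
sudo yum install epel-release
sudo yum install fail2ban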
Next, make copies of the fail2ban config files and edit the copies instead of the originals. This is because fail2ban.conf and jail.conf can be overwritten when the fail2ban package is updated.
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
Restart fail2ban to run it with the default configuration:
sudo service fail2ban restart
To see which services are protected by fail2ban:
sudo fail2ban-client status
More content on how to configure fail2ban is coming soon. Stay posted.