Installation On Ubuntu and derivatives
Log in as the root user and enter the following command to install Fail2ban.
apt-get install fail2ban

Configurations
Copy the config file "jail.conf" in /etc/fail2ban/ to "jail.local":
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit file jail.local
vi /etc/fail2ban/jail.local
With content,
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1/8
bantime = 3600
maxretry = 3

Email Notifications
Find the line that says destemail and add your email address.
destemail = email@example.com

Choose default actions
Find the line:
action = %(action_)s
And change it to:
action = %(action_mw)s

Email Actions
In this case we use sendmail.
# email action. Since 0.8.1 upstream fail2ban uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
mta = sendmail

Enable SSH with fail2ban
Find the ssh section in the same file, and adjust it to your needs:
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
Once done, restart fail2ban to apply these settings.
service fail2ban restart

Let's try to access this server via SSH with incorrect information 3 times. We will get one email and will not be able to ssh to that server for 1 hour with the user we tried.
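
How the settings above interact, as an added example (not fail2ban's own code): a small Python simulation that applies ignoreip, maxretry and bantime from this page to constructed auth.log lines, counting failures per source address. The regex is a simplified stand-in for the sshd filter, and findtime (a real fail2ban option not set on this page) is assumed to be 600 seconds.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the jail.local on this page; FINDTIME is an assumption (not set on the page).
IGNOREIP = [ipaddress.ip_network("127.0.0.1/8", strict=False)]
BANTIME, MAXRETRY, FINDTIME = 3600, 3, 600

# Simplified stand-in for fail2ban's sshd filter (failed-password lines only).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed auth.log sample (documentation address ranges, made-up users).
SAMPLE_LOG = """\
Mar  4 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  4 10:00:05 web1 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  4 10:00:09 web1 sshd[815]: Failed password for alice from 203.0.113.7 port 40141 ssh2
Mar  4 10:00:12 web1 sshd[817]: Failed password for bob from 127.0.0.1 port 5022 ssh2
Mar  4 10:00:13 web1 sshd[818]: Failed password for bob from 127.0.0.1 port 5023 ssh2
Mar  4 10:00:14 web1 sshd[819]: Failed password for bob from 127.0.0.1 port 5024 ssh2
Mar  4 10:01:00 web1 sshd[901]: Failed password for carol from 198.51.100.9 port 50100 ssh2
Mar  4 10:20:00 web1 sshd[950]: Failed password for carol from 198.51.100.9 port 50200 ssh2
Mar  4 10:20:05 web1 sshd[951]: Failed password for carol from 198.51.100.9 port 50201 ssh2
"""

def simulate(log_text, year=2024):
    """Return {source_ip: (ban_start, ban_end)} for every address that gets banned."""
    failures, bans = defaultdict(deque), {}
    for m in filter(None, map(FAILED.match, log_text.splitlines())):
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # hostname or garbage in the address field: skipped here
        if any(ip in net for net in IGNOREIP):
            continue  # ignoreip: never counted, never banned
        key = str(ip)
        if key in bans and ts < bans[key][1]:
            continue  # ban still active
        window = failures[key]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # failures older than findtime no longer count
        if len(window) >= MAXRETRY:
            bans[key] = (ts, ts + timedelta(seconds=BANTIME))
    return bans
```

On the sample, 203.0.113.7 is banned on its third failure even though each attempt used a different user name, 127.0.0.1 is never banned, and 198.51.100.9 is not banned because its first failure falls outside the assumed findtime window.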