Fail2ban

Official: https://www.fail2ban.org/wiki/index.php/Main_Page
Digital Ocean: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-debian-11
LinuxCapable: https://www.linuxcapable.com/how-to-install-fail2ban-on-debian-linux/

sudo apt update
sudo apt install -y fail2ban

Configuration

sudo vim /etc/fail2ban/jail.local

/etc/fail2ban/jail.local

[DEFAULT]
# Set the ban time in seconds (e.g., 3600 seconds = 1 hour)
bantime = 3600
findtime = 10m
maxretry = 5

# Enable email notifications for bans
#destemail = your_email@example.com
#action = %(action_mw)s

# Choose the backend (auto, polling, gamin, systemd, or more)
backend = auto

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/fail2ban.log
maxretry = 3
bantime = 3600

[apache]
enabled = false
port = http,https
filter = apache-auth
logpath = /var/log/apache2/*error.log
maxretry = 5
bantime = 7200

[nginx-http-auth]
enabled = true

Check if /var/log/fail2ban.log exists.

sudo rm /var/log/fail2ban.log
sudo touch /var/log/fail2ban.log

sudo vim /etc/fail2ban/fail2ban.local

/etc/fail2ban/fail2ban.local

[Definition]
allowipv6 = no

Enable

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

You can restart it with:

sudo systemctl restart fail2ban

And check status with:

sudo systemctl status fail2ban

Commands

Check

sudo fail2ban-client status

Logs

sudo tail -f /var/log/fail2ban.log

Unban

sudo fail2ban-client set sshd unbanip

Check banned IPs

sudo fail2ban-client status sshd

Edit this page on GitHub

ServerDocker

HostingNGINX