Protecting SSH with Fail2Ban
Step One - Installing Packages
On Debian 7, run:
sudo apt-get update && sudo apt-get install fail2ban
On CentOS 6, run:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm && yum install fail2ban
Step Two - Configuration
Fail2Ban’s configuration file is located at /etc/fail2ban/jail.conf. Before editing it, make a backup of the original so it can be restored if a change breaks the configuration.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak
Open the configuration file:
This is the default configuration file:
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1
# "bantime" is the number of seconds that a host is banned.
bantime = 3600
# A host is banned if it has generated "maxretry" during the last "findtime"
findtime = 600
# "maxretry" is the number of failures before a host get banned.
maxretry = 3
In ignoreip, enter every IP address you wish to grant immunity from Fail2Ban. Separate the addresses and ranges with a single space, as shown below.
ignoreip = 127.0.0.1 18.104.22.168 2604:0180::/48
Now, we decide on the bantime, findtime, and maxretry values. bantime is the length, in seconds, of the ban that Fail2Ban places on an IP or range. findtime sets the grace period for a user: how long, in seconds, each failed login attempt counts as a strike against an IP. maxretry tells Fail2Ban how many failed login attempts a user is given before they are banned.
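How the three values interact, as an added example that is not part of the original article and is not Fail2Ban's own code: a simplified Python model that replays constructed sshd log lines against the settings shown above and reports which addresses would be banned and until when. The log line format, the regular expression, the year default and the function name simulate are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the configuration on this page.
IGNOREIP = "127.0.0.1 18.104.22.168 2604:0180::/48"
BANTIME, FINDTIME, MAXRETRY = 3600, 600, 3

# Constructed sshd log lines for illustration (not real traffic).
SAMPLE_LOG = """\
Mar 10 09:00:00 host sshd[1]: Failed password for root from 203.0.113.7 port 50001 ssh2
Mar 10 09:00:00 host sshd[2]: Failed password for root from 198.51.100.9 port 50002 ssh2
Mar 10 09:01:00 host sshd[3]: Failed password for root from 18.104.22.168 port 50003 ssh2
Mar 10 09:01:05 host sshd[4]: Failed password for root from 18.104.22.168 port 50004 ssh2
Mar 10 09:01:10 host sshd[5]: Failed password for root from 18.104.22.168 port 50005 ssh2
Mar 10 09:04:00 host sshd[6]: Failed password for root from 203.0.113.7 port 50006 ssh2
Mar 10 09:06:00 host sshd[7]: Failed password for invalid user bob from 198.51.100.9 port 50007 ssh2
Mar 10 09:09:00 host sshd[8]: Failed password for root from 203.0.113.7 port 50008 ssh2
Mar 10 09:12:00 host sshd[9]: Failed password for root from 198.51.100.9 port 50009 ssh2
Mar 10 09:15:00 host sshd[10]: Failed password for root from 198.51.100.9 port 50010 ssh2
"""

# Assumed log format: classic syslog timestamp followed by an sshd failure message.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\S+) port \d+")

def simulate(log, year=2024):
    # ignoreip may also hold DNS names; this model handles addresses and CIDR only.
    ignored = [ipaddress.ip_network(e, strict=False) for e in IGNOREIP.split()]
    failures = defaultdict(deque)  # ip -> timestamps of strikes still inside findtime
    banned_until, bans = {}, []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in ignored):
            continue  # immune: never counted, never banned
        if banned_until.get(ip, ts) > ts:
            continue  # ban still in force
        q = failures[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > FINDTIME:
            q.popleft()  # a strike older than findtime no longer counts
        if len(q) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((str(ip), f"{ts:%H:%M:%S}", f"{banned_until[ip]:%H:%M:%S}"))
            q.clear()
    return bans
```

In the sample, 198.51.100.9 is not banned on its third failure because the first one has aged out of the 600-second findtime window; the ban comes on the fourth. The address listed in ignoreip is never banned despite three failures in ten seconds.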
Step Three - Restart Fail2Ban
To restart Fail2Ban, run the following command:
sudo service fail2ban restart