Fail2Ban scans log files and blocks IP addresses that show malicious signs, such as failing to log in too many times, trying exploits,
Step 1. Open Terminal and Login
Step 2. Always Update and Upgrade
Step 3. Install Fail2Ban
Install it by running the command:
$ sudo apt install fail2ban -y
Step 4. Configure Fail2Ban [optional]
In most cases, you do not need to change the configuration, so you can skip to the next step.
If you want to change it, do not edit jail.conf itself, because a package upgrade can overwrite it. Make a local copy and edit the local config file instead:
$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
$ sudo nano /etc/fail2ban/jail.local
Activate each service you would like Fail2Ban to monitor by adding the line enabled = true to its section.
In nano, CTRL-w, [sshd], ENTER will find:
[sshd]
port = ssh
Add enabled = true below the [sshd] line.
To get email from Fail2Ban when IPs are banned, change the following line to your email address:
destemail = root@localhost
and change the following line from:
action = %(action_)s
to:
action = %(action_mwl)s
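To check the edits above before starting the service, here is an added example (not code from this guide or from the Fail2Ban project). It reports the value a key takes for a jail, using the jail's own section first and [DEFAULT] otherwise, and it skips commented-out lines such as a `# [sshd]` example that a search can land on. The function names, the sample file and the address admin@example.com are constructed for illustration.

```sh
# Added example. Prints the value KEY takes for JAIL in a jail.local-style file.
# Simplifications: one file only (Fail2Ban also merges jail.conf and jail.d/),
# single-line values, and %(...)s interpolations are printed unexpanded.
jail_setting() {  # usage: jail_setting FILE JAIL KEY
    awk -v jail="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                  # commented-out lines never count
        /^[ \t]*\[[^]]+\][ \t]*$/ {             # section header, e.g. [sshd]
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k != key) next
            if (sec == jail) { own = v; has_own = 1 }
            else if (sec == "DEFAULT") { def = v; has_def = 1 }
        }
        END {
            if (has_own) print own
            else if (has_def) print def
            else exit 1                         # key not set anywhere
        }' "$1"
}

sample_jail_local() {  # constructed sample, not taken from a real server
    cat <<'EOF'
[DEFAULT]
enabled = false
destemail = admin@example.com
action = %(action_mwl)s
# [sshd]
# enabled = true
[sshd]
enabled = true
port = ssh
[apache-auth]
port = http,https
EOF
}

tmp=$(mktemp) && sample_jail_local > "$tmp"
for k in enabled port action destemail; do
    printf 'sshd %s = %s\n' "$k" "$(jail_setting "$tmp" sshd "$k")"
done
printf 'apache-auth enabled = %s\n' "$(jail_setting "$tmp" apache-auth enabled)"
rm -f "$tmp"
```

Once the service is running, `sudo fail2ban-client status sshd` shows whether the jail is actually active on the live system.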
Step 5. Start Fail2Ban Running
Enable Fail2Ban at boot and start it:
$ sudo systemctl enable fail2ban
$ sudo systemctl start fail2ban
Common Fail2Ban commands:
Manage the Fail2ban service
$ sudo service fail2ban start | stop | restart | status | reload
Server commands:
$ sudo fail2ban-server start | stop | restart | status | reload
Get info about Fail2Ban:
$ sudo fail2ban-client status