Set up fail2ban to protect SSHD from brute-force attacks | Linux
Following a security scan report, I reviewed the SSHD log.
grep sshd /var/log/auth.log | tail -n 25
No "log in" attempt succeeded.
But it is better to set up fail2ban to protect against brute-force attacks.
How-to
Ubuntu:
apt-get install fail2ban
CentOS:
yum install epel-release
yum install fail2ban
Do not edit the original file /etc/fail2ban/jail.conf
[DEFAULT]
bantime = 10m
findtime = 10m
maxretry = 5
[...]
Create a new file, jail.local, whose settings override any similar settings in jail.conf.
vim /etc/fail2ban/jail.local:
Ubuntu:
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
CentOS:
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/secure
maxretry = 3
Note: Ports
#@source https://github.com/webmin/webmin/issues/158#issuecomment-46774231
port = 80 ( single port )
port = 80, 443 ( multiple ports )
port = 8080:8090 ( port range )
port = 80, 8080:8090 ( combination is also possible )
$ sudo systemctl restart fail2ban
To get the IPs currently banned by fail2ban:
iptables -S