Set up fail2ban to protect SSHD from brute-force attacks | Linux

Following a security scan report, I reviewed the SSHD log:
grep sshd /var/log/auth.log | tail -n 25

None of the login attempts succeeded.

But it is better to set up fail2ban to protect against brute-force attacks.


How-to
Ubuntu:
apt-get install fail2ban

CentOS:
yum install epel-release
yum install fail2ban


Do not edit the original file /etc/fail2ban/jail.conf:
[DEFAULT]
bantime = 10m
findtime = 10m
maxretry = 5

[...]


Create a new file, jail.local, that will override any matching settings in jail.conf.

vim /etc/fail2ban/jail.local:
Ubuntu:
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

CentOS:
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/secure
maxretry = 3

Note: Ports
#@source https://github.com/webmin/webmin/issues/158#issuecomment-46774231
port = 80 ( single port )
port = 80, 443 ( multiple ports )
port = 8080:8090 ( port range )
port = 80, 8080:8090 ( combination is also possible )


$ sudo systemctl restart fail2ban


To get the IPs currently banned by fail2ban:
iptables -S

