Install fail2ban
Security Layer 5
Fail2Ban is the security layer that reduces the number of attempts unknown IP addresses can make while trying to break in to your server. This is done by setting the following parameters in the file 'jail.conf':
#ignoreip = 127.0.0.1/8 ::1
#bantime = 10m
#findtime = 10m
#maxretry = 5
[sshd]
Remember to remove the hash '#' before each parameter for it to take effect.
Now let's install fail2ban:
sudo apt install fail2ban

cd /etc/fail2ban
ls
action.d fail2ban.conf fail2ban.d filter.d jail.conf paths-arch.conf paths-common.conf paths-debian.conf paths-opensuse.conf

Let's see the contents of the file 'jail.conf'.



We need to change the parameters in the file 'jail.conf'. But if we edit that file directly, it gets overwritten and restored to its default settings when the Ubuntu system packages are updated. To prevent this, copy 'jail.conf' to 'jail.local'.
sudo cp jail.conf jail.local

Now let's change the parameters in the file 'jail.local'.
sudo nano jail.local

In 'ignoreip', add your local computer's IP address after '127.0.0.1/8 ::1', separated by a space.
ignoreip = 127.0.0.1/8 ::1 192.163.6.4
ignoreip = 127.0.0.1/8 ::1 192.163.6.4/24
ignoreip = 127.0.0.1/8 ::1 192.163.6.4/32
Put '/24' after your local computer's IP address if you don't want IPs coming from your local network to get banned, and put '/32' if you don't want a network consisting of a single IPv4 address (just that one host) to get banned. For details about IPv4 CIDR blocks, see the Wikipedia page on CIDR.



Keep bantime, findtime and maxretry at their default settings, i.e. bantime = 10m, findtime = 10m, maxretry = 5, as these are sufficient to keep bad actors from re-attempting to break into your server.
Under [sshd], add the line 'enabled = true' and change the port to your SSH port. If it is port 22, you can simply keep it as 'ssh'.

Restart fail2ban for the settings to take effect:
sudo systemctl restart fail2ban
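
To see how ignoreip, findtime, maxretry and bantime interact, here is an added example (not part of the original page and not fail2ban's own code): a simplified Python model of a jail run over constructed log lines. The log format, the regex and the helper names make_log and simulate are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Values from the tutorial's jail.local; maxretry is a count, the others are durations.
IGNOREIP = ["127.0.0.1/8", "::1", "192.163.6.4/32"]
FINDTIME, BANTIME, MAXRETRY = timedelta(minutes=10), timedelta(minutes=10), 5

# Assumed pattern for the constructed lines below; not fail2ban's own sshd filter.
FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def make_log():
    """Constructed sample log: (source IP, seconds between attempts, attempts)."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    plan = [("203.0.113.7", 20, 5),    # fast guessing from outside
            ("198.51.100.9", 180, 5),  # slow guessing, one try every 3 minutes
            ("192.163.6.4", 10, 6),    # the admin's own machine
            ("192.163.6.77", 30, 5)]   # another host on the admin's network
    events = sorted((base + timedelta(seconds=gap * i), ip)
                    for ip, gap, count in plan for i in range(count))
    return [f"{ts.isoformat()} sshd[4242]: Failed password for invalid user admin "
            f"from {ip} port 50000 ssh2" for ts, ip in events]

def simulate(lines, ignoreip=IGNOREIP):
    """Return [(ip, ban_start, ban_end)] under a simplified model of a jail."""
    # strict=False accepts entries with host bits set, such as 192.163.6.4/24
    nets = [ip_network(entry, strict=False) for entry in ignoreip]
    failures, banned_until, bans = {}, {}, []
    for line in lines:
        match = FAILED.match(line)
        if not match:
            continue
        ts, ip = datetime.fromisoformat(match.group(1)), match.group(2)
        if any(ip_address(ip) in net for net in nets):
            continue  # ignoreip: failures are not counted at all
        if banned_until.get(ip, ts) > ts:
            continue  # already banned
        # Only failures inside the findtime window count towards maxretry.
        recent = [t for t in failures.get(ip, []) if ts - t <= FINDTIME] + [ts]
        if len(recent) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            recent = []
        failures[ip] = recent
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(make_log()):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

With the '/32' entry the neighbouring host 192.163.6.77 is banned, while passing an ignoreip list that ends in '192.163.6.4/24' exempts it. The source that tries once every 3 minutes never has 5 failures inside one 10-minute findtime window, so it is not banned.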