Install fail2ban

Security Layer 5

Fail2Ban is the security layer that reduces the number of attempts by unknown IPs trying to break in to your server. This is done by setting the following parameters in the file 'jail.conf':

#ignoreip = 127.0.0.1/8 ::1

#bantime = 10m

#findtime = 10m

#maxretry = 5

[sshd]

Remember to remove the hash (#) before each parameter for it to take effect.

Now let's install fail2ban:

sudo apt install fail2ban
cd /etc/fail2ban
ls

action.d fail2ban.conf fail2ban.d filter.d jail.conf paths-arch.conf paths-common.conf paths-debian.conf paths-opensuse.conf

Let's see the contents of the file 'jail.conf'.

We need to change the parameters in the file 'jail.conf'. But if we edit that file directly, it gets overwritten and restored to its default settings when the Ubuntu system packages are updated. To prevent this, we need to cp 'jail.conf' to 'jail.local'.

Now let's change the parameters in the file 'jail.local'.

In 'ignoreip', add your local computer's IP address after '127.0.0.1/8 ::1', separated by a space.

ignoreip = 127.0.0.1/8 ::1 192.163.6.4

ignoreip = 127.0.0.1/8 ::1 192.163.6.4/24

ignoreip = 127.0.0.1/8 ::1 192.163.6.4/32

Put '/24' after your local computer's IP address if you don't want IPs coming from your local network to get banned, and put '/32' if you don't want a network consisting of a single IPv4 address (just that one host) to get banned. For details about IPv4 CIDR blocks, see the Wikipedia page.
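
To see what each form of 'ignoreip' actually exempts, the following Python check (an added example, not part of the original page or of fail2ban itself) parses a constructed jail.local sample and reports which addresses fall inside the ignore list. It assumes the entries are IP addresses or CIDR blocks only (no hostnames); the sample text and function names are made up for illustration.

```python
import configparser
import ipaddress

# Constructed sample mirroring the settings discussed on this page.
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1 192.163.6.4/24
bantime = 10m
findtime = 10m
maxretry = 5

[sshd]
enabled = true
"""

def _defaults(text):
    """Parse jail.local-style text and return its [DEFAULT] section."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return cfg["DEFAULT"]

def load_ignore_networks(text):
    """Return the ignoreip entries as ip_network objects."""
    entries = _defaults(text).get("ignoreip", "").replace(",", " ").split()
    # strict=False accepts host bits, so 192.163.6.4/24 becomes 192.163.6.0/24
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def is_ignored(ip, networks):
    """True if ip falls inside any ignoreip network (so it is never banned)."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in networks)

def check_maxretry(text):
    """maxretry is a failure count, so it must be a plain integer."""
    return _defaults(text).getint("maxretry")  # raises ValueError on '5m'

if __name__ == "__main__":
    nets = load_ignore_networks(SAMPLE_JAIL_LOCAL)
    for n in nets:
        print(f"{str(n):20} covers {n.num_addresses} address(es)")
    for ip in ("192.163.6.200", "192.163.7.4", "10.0.0.5"):
        print(ip, "ignored" if is_ignored(ip, nets) else "can be banned")
    print("maxretry =", check_maxretry(SAMPLE_JAIL_LOCAL))
```

Every address inside an ignored block is exempt from banning, so keep the prefix as narrow as your setup allows.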
