On this post, i’m going to guide you how to use Fail2ban to protect SSH.
First you need to install Fail2ban is :
apt-get install fail2ban
After installing Fail2ban, to starts to work immediately, you need to add the desired settings. All configuration is stored in a/etc/fail2ban/jail.conf file
We need to change the section of the SSH :
Description:maxretry – the maximum number of incorrect connections during specified parameter findtime ;findtime – Time in the log-file, for which the analysis of the number of incorrect connections. Calculated in seconds;bantime – blocking time in seconds;
and restart Fail2ban is :
service fail2ban restart
Now, after 10 wrong password is entered for an hour address will be blocked for a day.
gets the current status of the server
And to know the statistics for blocked clients for each service with the command:
fail2ban–client status service_name
The post How to use FAIL2BAN to protect SSH appeared first on Penetration Testing.