fail2ban - vincios/rpi-setup GitHub Wiki

Overview

Fail2ban can significantly mitigate brute force attacks by creating rules that automatically alter your firewall configuration to ban specific IPs after a certain number of unsuccessful login attempts.

Tutorial extracted from here.

Install

Install from APT

$ sudo apt update
$ sudo apt install fail2ban

Configure

The fail2ban service keeps its configuration files in the /etc/fail2ban directory. There is a file with defaults called jail.conf.

Comments at the top of jail.conf direct you not to modify this file directly. Instead, you have two options: either create individual profiles for Fail2ban in multiple files within the jail.d/ directory, or create and collect all of your local settings in a jail.local file. The jail.conf file will be periodically updated as Fail2ban itself is updated, and will be used as the source of default settings for anything you have not overridden.

So, let's create the jail.local file:

$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Fail2Ban comes with a lot of services already configured. You only need to edit the jail.local file, find the [SERVICE] section you need, and set the enabled option in it:

[SERVICE]
enabled = true
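
To see which file ends up deciding whether a jail is enabled, the following Python sketch (an added example, not part of the original tutorial or of Fail2ban's own code) merges the files in Fail2ban's documented read order: jail.conf, jail.d/*.conf, jail.local, jail.d/*.local. It goes beyond the single jail.local case above, ignores [INCLUDES] and value interpolation, and runs on a constructed sample tree; the function names and the file zz-site.local are hypothetical.

```python
import configparser
import tempfile
from pathlib import Path

TRUE_VALUES = ("true", "yes", "1", "on")

def load_order(conf_dir):
    """Existing files in read order; later files override earlier ones."""
    d = Path(conf_dir)
    files = [d / "jail.conf", *sorted(d.glob("jail.d/*.conf")),
             d / "jail.local", *sorted(d.glob("jail.d/*.local"))]
    return [f for f in files if f.is_file()]

def effective_enabled(conf_dir):
    """Return {jail: (enabled, name of the file that decided it)}."""
    last_set, jails = {}, []   # section -> (raw value, file name)
    for path in load_order(conf_dir):
        # Treat [DEFAULT] as an ordinary section so explicit settings stay visible.
        cp = configparser.ConfigParser(interpolation=None, strict=False,
                                       default_section="__unused__")
        cp.read(path)
        for section in cp.sections():
            if section == "INCLUDES":      # path includes are not followed here
                continue
            if section != "DEFAULT" and section not in jails:
                jails.append(section)
            if cp.has_option(section, "enabled"):
                last_set[section] = (cp.get(section, "enabled"), path.name)
    # Assumption: a jail with no "enabled" anywhere is treated as disabled.
    default = last_set.get("DEFAULT", ("false", "built-in default"))
    return {jail: (raw.strip().lower() in TRUE_VALUES, src)
            for jail in jails
            for raw, src in [last_set.get(jail, default)]}

def build_sample(root):
    """Constructed sample tree for the demo, not a real /etc/fail2ban."""
    d = Path(root)
    (d / "jail.d").mkdir(parents=True)
    (d / "jail.conf").write_text(
        "[DEFAULT]\nenabled = false\n\n[sshd]\nport = ssh\n\n[dovecot]\nport = imap\n"
        "\n[nginx-http-auth]\nport = http,https\n")
    (d / "jail.d" / "defaults-debian.conf").write_text("[sshd]\nenabled = true\n")
    (d / "jail.local").write_text(
        "[dovecot]\nenabled = true\n\n[vaultwarden]\nenabled = true\n")
    (d / "jail.d" / "zz-site.local").write_text("[dovecot]\nenabled = false\n")
    return d

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for jail, (on, src) in effective_enabled(build_sample(tmp)).items():
            print(f"{jail:16} enabled={on!s:5} (from {src})")
```

On a real host, compare the result with the output of fail2ban-client status, which reports the jails the running server actually loaded.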

Get jail statistics

You can retrieve statistics about jails and banned IPs with fail2ban-client:

fail2ban-client status      # Will show the status of the server and the enabled jails.
fail2ban-client status JAIL # Will show the status of the jail JAIL, including any currently-banned IPs.
fail2ban-client banned      # Will show all currently banned IPs for each enabled jail.

Unban an IP

$ sudo fail2ban-client set vaultwarden unbanip XX.XX.XX.XX