Fail2Ban is a utility that bans IP addresses that have made a few unsuccessful attempts to log in to your server.
To install Fail2Ban, connect to your server using ssh and type:
(For Debian and Ubuntu.)
apt install fail2ban
(For RHEL, CentOS and Fedora.)
yum install fail2ban
To configure Fail2Ban, first copy the default configuration to jail.local, so that your changes are not overwritten when the package is updated:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Open jail.local in a text editor; this example uses nano.
nano /etc/fail2ban/jail.local
Scroll down to find:
# ignorecommand = /path/to/command <ip>
ignorecommand =
# "bantime" is the number of seconds that a host is banned.
bantime = 600
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600
# "maxretry" is the number of failures before a host get banned.
maxretry = 3
bantime is 600 seconds by default. This is how long an IP address stays banned. If you put '-' in front of the number (-1), the ban is permanent.
maxretry and findtime control the number of failed attempts allowed and the time window, in seconds, in which those attempts are counted.
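How these three settings interact, as an added example that is not part of the original article and is not Fail2Ban's own code: a simplified Python model of the rule from the comments above (ban once maxretry failures fall within findtime seconds), run over constructed sshd log lines. The function name simulate, the sample lines and the year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation-range IPs), not from a real host.
SAMPLE_LOG = """\
Jan 10 12:00:01 host sshd[101]: Failed password for root from 203.0.113.5 port 4101 ssh2
Jan 10 12:00:05 host sshd[102]: Failed password for invalid user admin from 198.51.100.7 port 4102 ssh2
Jan 10 12:03:00 host sshd[103]: Failed password for root from 203.0.113.5 port 4103 ssh2
Jan 10 12:09:59 host sshd[104]: Failed password for root from 203.0.113.5 port 4104 ssh2
Jan 10 12:20:00 host sshd[105]: Failed password for invalid user admin from 198.51.100.7 port 4105 ssh2
Jan 10 12:21:00 host sshd[106]: Failed password for invalid user admin from 198.51.100.7 port 4106 ssh2
"""

FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate(log, bantime=600, findtime=600, maxretry=3, year=2024):
    """Simplified model of one jail: returns [(ip, banned_at, unbanned_at)].

    unbanned_at is None for a permanent ban (negative bantime).
    The year is an assumption; syslog timestamps do not carry one.
    """
    recent = defaultdict(deque)  # ip -> times of failures inside the window
    banned = {}                  # ip -> unban time (None = never)
    bans = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        now = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned:
            if banned[ip] is None or now < banned[ip]:
                continue         # still banned: the firewall would drop this
            del banned[ip]
        window = recent[ip]
        window.append(now)
        # Forget failures older than findtime seconds.
        while (now - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            until = None if bantime < 0 else now + timedelta(seconds=bantime)
            banned[ip] = until
            window.clear()
            bans.append((ip, f"{now:%H:%M:%S}", until and f"{until:%H:%M:%S}"))
    return bans

if __name__ == "__main__":
    for ban in simulate(SAMPLE_LOG):
        print(ban)
```

With the default values only 203.0.113.5 is banned; 198.51.100.7 also fails three times, but its attempts are spread over more than findtime seconds, so it stays under the threshold until findtime is raised.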
Enter needed parameters, save the file and type:
service fail2ban restart
You can also enable protection for the SSH server by adding “enabled = true” to the [sshd] section:
# SSH servers
#
[sshd]
enabled = true
After making any changes, make sure that you restart the fail2ban service.
NOTE: If you want to add additional filters or make deeper adjustments, see the official documentation.
For more information about Fail2Ban, visit https://www.fail2ban.org/wiki/index.php/Main_Page.