fail2ban, block hack attempts automatically
If you have a server out there, it’s getting attacked. Sooner or later somebody will be able to break into your system if you don’t keep on top of security.
SSH is what most Linux admins use to manage their systems. I hated looking at all these hack/bot type attempts to log in to my systems so I did my homework to find something that would block all the attempts.
fail2ban is a simple app that keeps track of login attempts and will block after X number of tries. It can look at multiple log files to pull this information. By default on Ubuntu it’s set up to look at system logins (ssh, etc.), Apache, FTP (vsftpd, proftpd, wuftpd), and mail (postfix, couriersmtp, courierauth).
In your settings you tell it how many connection attempts you will allow from an IP address in a specified period of time. By default it’s set to ban after 3 tries for 600 seconds.
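The counting behaviour described above, as an added example (this is not fail2ban's own code): a small Python simulation that reads sshd failure lines, counts them per IP address inside a time window, and records a ban once the threshold is hit. The 3 tries and 600 second ban come from the post; the 600 second counting window, the function name simulate and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 3                        # from the post: ban after 3 tries
BANTIME = timedelta(seconds=600)    # from the post: ban lasts 600 seconds
FINDTIME = timedelta(seconds=600)   # assumption: counting window (not given in the post)

# sshd failure line as it appears in auth.log (syslog timestamps carry no year)
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

def simulate(lines, year=2024):
    """Return [(ip, banned_at, unbanned_at)] for the given log lines."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> time the current ban expires
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                # successful logins and unrelated lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue                # address is already banned
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()        # forget failures older than the window
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

# Constructed sample log lines using documentation-range IP addresses.
SAMPLE = [
    "Jan 15 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2",
    "Jan 15 10:00:03 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2",
    "Jan 15 10:00:04 web1 sshd[2104]: Accepted password for alice from 198.51.100.20 port 51000 ssh2",
    "Jan 15 10:00:06 web1 sshd[2106]: Failed password for root from 203.0.113.7 port 40130 ssh2",
    "Jan 15 10:01:00 web1 sshd[2110]: Failed password for alice from 198.51.100.20 port 51010 ssh2",
    "Jan 15 10:20:00 web1 sshd[2190]: Failed password for alice from 198.51.100.20 port 51020 ssh2",
    "Jan 15 10:20:05 web1 sshd[2191]: Failed password for alice from 198.51.100.20 port 51022 ssh2",
]

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

The second address fails three times in total but never three times inside one window, so it is not banned; a user who mistypes a password occasionally stays unaffected while a rapid guesser is cut off.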
fail2ban is in the default Ubuntu repository with the following:
Config Directory: /etc/fail2ban
Startup Script: /etc/init.d/fail2ban
Log File: /var/log/fail2ban.log
This program by itself isn’t enough to protect a system, but it’s a great app to have in the toolkit!

