How-to-restrict-SSH-Bruteforce-attack-by-installing-fail2ban.md

Here we can see how to restrict brute-force attacks, DoS attacks, etc. by installing and configuring fail2ban.

First we need to install fail2ban by using:


# apt-get install fail2ban



Move the file jail.conf to jail.local in the same location:



# mv /etc/fail2ban/jail.conf /etc/fail2ban/jail.local




Change the configuration as shown below:


[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 192.168.1.77
bantime  = 600
maxretry = 2


Here 192.168.1.77 is the IP where I have installed fail2ban and want to be protected; addresses listed in ignoreip are never banned.

bantime is set to 600 seconds (10 minutes).

maxretry allows a maximum of 2 login attempts.

This needs to be enabled:


backend = auto


# [SECTION_NAME]
# enabled = true
#
# in /etc/fail2ban/jail.local.


Check the [ssh] section that protects ssh:


[ssh]

enabled  = true
port     = 2002
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3



To enable the jail for ssh, change enabled to true. The port number for ssh is 2002 on my test system, and the filter needs to be sshd. maxretry is 3: after that many failed attempts fail2ban blocks the address and logs it.

That's it.

If we need protection for more services or attacks, such as DDoS, we can add more sections like this one.
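
To see how the settings above interact, here is an added example (not part of the original file and not fail2ban's own code) that resolves the effective [ssh] options from the [DEFAULT] section and replays constructed auth.log lines through them. The regex is a simplified stand-in for the sshd filter, and the function names, the findtime value of 600 seconds and the year are assumptions.

```python
import configparser, ipaddress, re
from datetime import datetime, timedelta
# Settings taken from the page's jail.local.
JAIL_LOCAL = """
[DEFAULT]
ignoreip = 192.168.1.77
bantime  = 600
maxretry = 2
[ssh]
enabled  = true
maxretry = 3
"""
# Simplified stand-in for fail2ban's sshd failregex, then constructed auth.log lines.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port", re.M)
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[101]: Failed password for root from 203.0.113.5 port 4000 ssh2
Mar  3 10:00:02 host sshd[102]: Failed password for root from 192.168.1.77 port 4001 ssh2
Mar  3 10:00:03 host sshd[103]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Mar  3 10:00:04 host sshd[104]: Failed password for root from 192.168.1.77 port 4003 ssh2
Mar  3 10:00:05 host sshd[105]: Failed password for root from 203.0.113.5 port 4004 ssh2
Mar  3 10:00:06 host sshd[106]: Failed password for root from 192.168.1.77 port 4005 ssh2
Mar  3 10:00:07 host sshd[107]: Failed password for root from 198.51.100.9 port 4006 ssh2
Mar  3 10:00:09 host sshd[109]: Failed password for root from 198.51.100.9 port 4008 ssh2
"""

def jail_settings(text, jail):
    """Resolve a jail's effective options: [DEFAULT] applies unless the jail overrides it."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    s = cp[jail]
    nets = [ipaddress.ip_network(x, strict=False) for x in s.get("ignoreip", "").split()]  # IP/CIDR only
    return {"enabled": s.getboolean("enabled", fallback=False), "ignore": nets,
            "maxretry": s.getint("maxretry"), "bantime": s.getint("bantime")}

def simulate(log, cfg, findtime=600, year=2024):
    """Return [(ip, banned_at, unbanned_at)]; findtime and year are assumed values."""
    fails, banned_until, bans = {}, {}, []
    for m in FAILED.finditer(log if cfg["enabled"] else ""):
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in n for n in cfg["ignore"]) or banned_until.get(ip, ts) > ts:
            continue  # listed in ignoreip, or already banned
        recent = fails[ip] = [t for t in fails.get(ip, []) if (ts - t).total_seconds() <= findtime] + [ts]
        if len(recent) >= cfg["maxretry"]:
            banned_until[ip], fails[ip] = ts + timedelta(seconds=cfg["bantime"]), []
            bans.append((ip, f"{ts:%H:%M:%S}", f"{banned_until[ip]:%H:%M:%S}"))
    return bans

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG, jail_settings(JAIL_LOCAL, "ssh")))
```

Only 203.0.113.5 is banned: 192.168.1.77 is skipped because of ignoreip, and 198.51.100.9 stays under the [ssh] limit of 3 even though it reaches the [DEFAULT] limit of 2.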
