Description
This article explains how to install and use the fail2ban software on Ubuntu Linux.
Purpose
This information is essential for preventing attackers from gaining access to a VPS through a brute-force password attack. By monitoring the auth.log file, fail2ban recognizes repeated failed login attempts from the same IP address and temporarily firewalls that address to prevent it from brute-force attacking the system.
Assumptions Made
This article assumes the reader understands the information in the following articles:
Procedure
1) Log in to a terminal (via PuTTY or SSH using your Linux VPS credentials or by opening a terminal emulator if you are working directly on a Linux machine).
2) To install fail2ban, run the following command:
sudo apt install fail2ban
3) To see which fail2ban “jails” are active, run the following command:
sudo fail2ban-client status
4) To check the status of a specific jail, enter the following command:
sudo fail2ban-client status sshd
Note all those IP addresses on the “Banned IP list.” They were recently attempting to gain brute-force access to my VPS!