Fail2ban - Great tutorial - securing your server

Linux on Servers
1

ail2ban Securing your sever.
I watch this tutorial video by Jay on securing your server (see link)

I’m new to Linux and recently created my own server, from the link on Jays website(see link)

This tutorial for fail2ban was extremely helpful to me.
I’ve enable a number of jails and all appears to be working very well.

If any is using fail2ban and have anything they’d would like to share, I’d be interested in that…

2

Welcome to the forum @AnOldSlowHorse, and thanks for posting.

I used to use fail2ban, but I’ve moved to crowdsec now.

Both are excellent tools, though.

1 Like
3

Thanks for your reply @Mr_McBride ,
I will have a read about crowdsec.

Its nice to see what’s available.

1 Like
4

You might find yourself locked out of the server if you attempt to connect multiple times… it has happened to me when moving to a separate machine and separate username, such that the path to the ssh key was different and the attempt to log in was blocked.

# Will show you the number of jails
sudo fail2ban-client status

# For ssh is most likely set as sshd
# This command will show you the total banned IP addresses
sudo fail2ban-client status sshd

# Use this command to unban a particular IP if you get locked out of your system
sudo fail2ban-client set sshd unban ip xx.xx.xx.xx

Making mistakes is learning! :smiley:

1 Like
5

Hi, thank you for that tip.

I’ve made a note of it, so I can refer back.

Im on a very steep learning curve at the moment and all tips are welcome.

In Jay video (Using Fail2ban) about 5 minutes in,

He shows how to add your IP address (s) to a list in fail2ban jail.local file, so your IP address ignored and not jailed.

I added two IP address I use daily to the jail.local file, with a space in between them (not if this relevant as I’m very new to Linux and servers) …

Screenshot 2022-08-05 at 11.28.44
Screenshot 2022-08-05 at 11.28.441500×836 87.3 KB

6

You can create a configuration where root is not allowed to login directly via SSH, but is allowed to login at the console (assuming you have physical access to the host). That might be an acceptable backdoor.

1 Like
7

Thanks for your reply, I have so much to learn …

8

We are all on the journey of learning. I.T. never stops changing…

1 Like