
Enhance Fail2ban blocking for SSH


Create a new jail configuration file in /etc/fail2ban/jail.d:

nano /etc/fail2ban/jail.d/sshd_2.conf

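Add the configuration below. With maxretry = 1, a single matching log line bans the source address, and bantime = 3600 keeps the ban in place for 3600 seconds (one hour).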

[sshd_2]
enabled = true
port = ssh
filter = sshd_2
logpath = /var/log/auth.log
maxretry = 1
bantime = 3600

Create a new filter configuration file in /etc/fail2ban/filter.d:

nano /etc/fail2ban/filter.d/sshd_2.conf

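Add the filter definition below. The first pattern matches logins for illegal or invalid users; the second matches pre-authentication disconnects for the root user. The brackets around preauth must be escaped, otherwise they are read as a character class and the line never matches.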

[Definition]
failregex =     [iI](?:llegal|nvalid) user .*? from <HOST>(?: port \d+)?\s*$
                Disconnected from authenticating user root <HOST>(?: port \d+)?\s*\[preauth\]\s*$
ignoreregex =

Restart the fail2ban service

systemctl restart fail2ban
systemctl status fail2ban

Check fail2ban status

fail2ban-client status sshd_2

Done.
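
The following is an added example, not part of the original post: it runs the two failregex patterns from the filter against constructed auth.log lines, once with the brackets around preauth escaped and once unescaped, to show which hosts a maxretry = 1 jail would ban. The HOST pattern is a simplified IPv4-only stand-in for fail2ban's <HOST> tag, and the log lines and addresses are constructed.

```python
import re

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag; the
# real expansion also covers IPv6 addresses and hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

INVALID_USER = r"[iI](?:llegal|nvalid) user .*? from <HOST>(?: port \d+)?\s*$"
ROOT_ESCAPED = (r"Disconnected from authenticating user root <HOST>"
                r"(?: port \d+)?\s*\[preauth\]\s*$")
# Same pattern with the brackets unescaped: [preauth] is then a character
# class that matches ONE of the letters p, r, e, a, u, t, h.
ROOT_UNESCAPED = (r"Disconnected from authenticating user root <HOST>"
                  r"(?: port \d+)?\s* [preauth]$")

# Constructed auth.log lines (documentation address ranges only).
SAMPLE_LOG = [
    "Jan 10 03:14:07 srv sshd[1201]: Invalid user admin from 203.0.113.7 port 51234",
    "Jan 10 03:14:09 srv sshd[1203]: Disconnected from authenticating user root "
    "198.51.100.23 port 40022 [preauth]",
    "Jan 10 03:15:30 srv sshd[1210]: Accepted publickey for deploy from "
    "192.0.2.10 port 50111 ssh2",
    "Jan 10 03:16:02 srv sshd[1215]: Disconnected from authenticating user alice "
    "192.0.2.44 port 50200 [preauth]",
]


def banned_hosts(lines, failregex):
    """Hosts banned with maxretry = 1: the first matching line is enough."""
    compiled = [re.compile(p.replace("<HOST>", HOST)) for p in failregex]
    hosts = []
    for line in lines:
        for rx in compiled:
            m = rx.search(line)
            if m:
                if m.group("host") not in hosts:
                    hosts.append(m.group("host"))
                break
    return hosts


if __name__ == "__main__":
    print("escaped:  ", banned_hosts(SAMPLE_LOG, [INVALID_USER, ROOT_ESCAPED]))
    print("unescaped:", banned_hosts(SAMPLE_LOG, [INVALID_USER, ROOT_UNESCAPED]))
```

On the server itself, `fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd_2.conf` runs the same check with fail2ban's own matcher against the real log.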

Reference: http://p.cweiske.de/598
