
Fail2Ban Cheat Sheet


When self-hosting, you'll quickly find brute-force attempts to log in to your machine via SSH, at least if you're forwarding port 22. To mitigate this, we can use Fail2Ban to automatically ban IPs based on some rules. The rule I created bans IPs that attempt SSH with an incorrect username, such as root or admin. This works because I know the username I use, and if I mess up I can easily remove my IP from the jail manually.

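```ini
# jail.d/invalid-user.conf
[invalid-user]
enabled = true
filter = _invalid-user
logpath = /var/log/auth.log
# Ban on the first matching log line seen within findtime
maxretry = 1
findtime = 1h
# -1 makes the ban permanent until the IP is removed by hand
bantime = -1
```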
```ini
# filter.d/_invalid-user.conf
[Definition]
# <HOST> is the Fail2Ban tag that captures the address to ban
failregex = ^.*Invalid user.* from <HOST>
ignoreregex =
```
```bash
# Start Fail2Ban at boot, restart it to load the new jail, then check the jail
sudo systemctl enable fail2ban
sudo systemctl restart fail2ban
sudo fail2ban-client status invalid-user
```
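With `maxretry = 1` and `bantime = -1`, a single matching line is a permanent ban, so it is worth checking exactly which address the filter captures. The following is an added example, not part of the original post: it runs the post's failregex over constructed `auth.log` lines, using a simplified IPv4-only stand-in for `<HOST>` (an assumption), and contrasts it with a hypothetical lazy variant that captures the wrong address when a username contains ` from `.

```python
import re

# Simplified stand-in for Fail2Ban's <HOST> tag (assumption: IPv4 only; the
# real tag also accepts IPv6 and DNS names). The group name mirrors "host".
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"


def compile_failregex(failregex):
    """Expand <HOST> the way a filter would, then compile as a Python regex."""
    return re.compile(failregex.replace("<HOST>", HOST))


# The failregex from filter.d/_invalid-user.conf above, unchanged.
PAGE_FILTER = compile_failregex(r"^.*Invalid user.* from <HOST>")
# Hypothetical lazy variant, shown only for contrast (not from the post).
LAZY_FILTER = compile_failregex(r"^.*Invalid user.*? from <HOST>")

# Constructed auth.log lines (documentation-range addresses, made-up PIDs).
SAMPLE_LOG = [
    "Jan 10 03:14:07 box sshd[1201]: Invalid user admin from 203.0.113.7 port 40022",
    "Jan 10 03:14:09 box sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2",
    "Jan 10 03:15:30 box sshd[1210]: Accepted publickey for alice from 198.51.100.4 port 51514 ssh2",
    # Username with embedded text: the connecting address is the last one.
    "Jan 10 03:16:02 box sshd[1215]: Invalid user root from 192.0.2.1 from 203.0.113.9 port 40100",
    "Jan 10 03:17:45 box sshd[1220]: Connection closed by invalid user test 203.0.113.7 port 40030 [preauth]",
]


def hosts_to_ban(lines, regex=PAGE_FILTER):
    """Return the host captured from every line the failregex matches."""
    hits = []
    for line in lines:
        match = regex.search(line)
        if match:
            hits.append(match.group("host"))
    return hits


if __name__ == "__main__":
    for host in hosts_to_ban(SAMPLE_LOG):
        print("would ban:", host)
    print("lazy variant on line 4:", hosts_to_ban(SAMPLE_LOG[3:4], LAZY_FILTER))
```

The match is case-sensitive, so only the capitalised `Invalid user` lines count, and the greedy `.*` is what keeps the capture on the connecting address. On a host with Fail2Ban installed, the bundled `fail2ban-regex` tool runs the real filter file against the real log.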