Intrusion Detection with Fail2Ban

Modern DevSecOps (The Hard Way)

Automatic Banning

fail2ban scans log files and updates firewall rules to ban IP addresses that show signs of malicious activity.

Setup:

Create a jail in /etc/fail2ban/jail.local for SSH. Set maxretry = 3 and bantime = 1h.

Now, if someone tries to brute-force your SSH port, they are automatically blocked by iptables.
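
A jail file matching the setup above, as an added example that is not part of the original course material. The findtime value, the ignoreip entries (192.0.2.10 is a placeholder address) and the banaction line are assumptions; only maxretry and bantime come from the text.

```ini
# /etc/fail2ban/jail.local
# Settings here override the packaged jail.conf, which should be left unedited.

[sshd]
# Jails are disabled unless explicitly turned on.
enabled  = true

# Port the ban applies to; "ssh" resolves to 22 through /etc/services.
# Assumption: change this if sshd listens on a non-standard port.
port     = ssh

# From the text: ban after 3 failed attempts.
maxretry = 3

# Assumption: window in which the 3 failures must occur.
# 10m is fail2ban's shipped default, written out so the threshold is explicit.
findtime = 10m

# From the text: keep the address banned for one hour.
bantime  = 1h

# Assumption: addresses that are never banned. Keep loopback, and add your
# own management address so a few mistyped passwords cannot lock you out.
# 192.0.2.10 is a documentation placeholder, replace it.
ignoreip = 127.0.0.1/8 ::1 192.0.2.10

# Assumption: pin the iptables-based ban action the text refers to.
# Some distributions ship a different default (for example nftables).
banaction = iptables-multiport
```

After saving the file, `fail2ban-client -t` checks the configuration for errors before the service is restarted. Once the service is running, `fail2ban-client status sshd` shows the jail's failure count and the addresses currently banned.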