fail2ban initial setup - guidance

Installing f2b on Debian is fairly simple. I had written about it in a post before (https://dev.slickalpha.blog/2019/11/installing-lemp-stack-on-debian-buster.html#sv-fail2ban).

First, install f2b

apt install fail2ban -y

Copy the config to a local override file

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

and make your edits in the local file (jail.conf gets overwritten on package upgrades, jail.local does not)

nano /etc/fail2ban/jail.local

Update the default values (the sshd jail on port 22 is pre-enabled on f2b). bantime is how long an IP stays banned (seconds), findtime is the window in which failures are counted (seconds), and maxretry is the number of failures allowed within that window before a ban.

[DEFAULT]
...
# MISCELLANEOUS OPTIONS...
bantime  = 86400
findtime  = 86400
maxretry = 2

Restart f2b

/etc/init.d/fail2ban restart

Check the status of the sshd jail (port 22)

fail2ban-client status sshd

Apart from this, using an SSH key with a passphrase should be enough. You can always fine-tune f2b.

Update:

Fail2ban basically scans logs for IPs using regex filters and blocks the matching IPs with iptables.

To list the enabled jails (a jail is the regex filter for a service plus its ban settings in f2b)

fail2ban-client status

To defend a custom port or service, first check whether regex filters for that service are present

ls /etc/fail2ban/filter.d

If they are present, say jail-name.conf, just enable them in the f2b local file

nano /etc/fail2ban/jail.local

using the syntax

[jail-name]
..options..

For example, if sshd were not enabled, add enabled = true to the sshd jail

[sshd]
enabled = true
....

To test a filter against your logs (and update its regex if lines are missed)

fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf

If no filter exists for a service or port, look online for one, add it to /etc/fail2ban/filter.d and enable it in the local config file.