Fail2Ban - securing services and web applications
Install, enable and start
apt install fail2ban
systemctl enable fail2ban
systemctl start fail2ban
systemctl status fail2ban
Read through the default config over a coffee and understand it. But do not make changes there, as the file will be overwritten on update.
vi /etc/fail2ban/jail.conf
Instead, create a local copy of the config (its settings take precedence over the default config)
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Edit the local config
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
backend = systemd
destemail = to-xx@host
sender = from-fail2ban@host
action = %(action_mwl)s
[nginx-http-auth]
enabled = true
[nginx-botsearch]
enabled = true
[nginx-limit-req]
enabled = true
[nginx-bad-request]
enabled = true
[php-url-fopen]
enabled = true
[courier-smtp]
enabled = true
[postfix]
enabled = true
[postfix-rbl]
enabled = true
[dovecot]
enabled = true
[postfix-sasl]
enabled = true
Restart the service
systemctl restart fail2ban
systemctl status fail2ban
fail2ban-client status
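Check that every jail enabled in jail.local was actually started. The script below is an added example, not part of the original page. It compares the sections set to "enabled = true" with the "Jail list" line printed by fail2ban-client status. The function names and the sample data in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: list jails enabled in jail.local that fail2ban did not start.

# Print every section name (except DEFAULT) that sets "enabled = true".
enabled_jails() {
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/   { jail = $0               # section header: keep its name
                        sub(/^[ \t]*\[/, "", jail); sub(/\].*$/, "", jail); next }
        jail != "" && jail != "DEFAULT" &&
        /^[ \t]*enabled[ \t]*=[ \t]*true[ \t]*$/ { print jail }
    ' "$1" | sort -u
}

# Print the jail names found in `fail2ban-client status` output (read on stdin).
running_jails() {
    awk -F 'Jail list:' 'NF > 1 {
        n = split($2, a, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", a[i])   # trim padding around each name
            if (a[i] != "") print a[i]
        }
    }' | sort -u
}

# Jails enabled in config file $1 but missing from the status output saved in $2.
not_running() {
    running=$(running_jails < "$2")
    for j in $(enabled_jails "$1"); do
        printf '%s\n' "$running" | grep -qxF -- "$j" || printf '%s\n' "$j"
    done
}

# Constructed sample data (not from a real host): postfix-rbl is enabled
# in the config but absent from the running jail list.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '[DEFAULT]' 'enabled = false' '[nginx-http-auth]' 'enabled = true' \
        '[postfix]' 'enabled = true' '[postfix-rbl]' 'enabled = true' > "$d/jail.local"
    printf 'Status\n|- Number of jail:\t2\n`- Jail list:\tnginx-http-auth, postfix\n' > "$d/status"
    not_running "$d/jail.local" "$d/status"
    rm -rf "$d"
}
demo    # prints: postfix-rbl
```

On the server, save the output of fail2ban-client status to a file and pass /etc/fail2ban/jail.local and that file to not_running. An empty result means every jail enabled there is running.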