Intro
OK, so after a long time playing around with Linux servers, and now being at the stage where I have to spin them up pretty frequently (dozens done this year alone), I made a 10 Things to do on New Linux Server Checklist to try to reduce the pain of setting them up.
I had always known web security stuff was a real deep rabbit hole :( but my experience with automated login attempts to my servers really made me realize how scary a place the internet can be.
On Step 4 of the checklist, inspired by watching videos at the excellent LearnLinuxTV, I decided to install Fail2ban.
Internet is a Scary Place
So anyway, I installed fail2ban on the test server and the results totally shocked me.
In just 3–4 hours since spinning up the test server for the checklist post, there were already 18 unauthorized login attempts to my virtual machine.
And now about a week later, the ssh jail is getting overcrowded as you can see below.
Check Login Attempts on your Virtual Machine
Below I list some handy commands to check your machine for login attempts.
Check Failed Password Attempts
sudo grep "Failed password" /var/log/auth.log
Check Invalid User Attempts
sudo grep "Invalid user" /var/log/auth.log
Count the Number of Attempts in Latest Log file
sudo grep "Failed password" /var/log/auth.log | wc -l
Since the logs rotate pretty quickly, you might need to change that to /var/log/auth.log.1 etc. for older attempts.
🛡️ Protect your Virtual Machine with Fail2ban
So if you found some bots trying to brute-force their way into your server, you might want to install fail2ban.
Install ✅
sudo apt update && sudo apt install fail2ban
Enable & start it ✅
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Create a Jail for the bots ✅
sudo nano /etc/fail2ban/jail.d/sshd.local
Configure your jail file (full guide here) ✅
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 5
bantime = 24h
findtime = 1h
Restart the service ✅
sudo systemctl restart fail2ban
Check How many IPs are Blocked
sudo fail2ban-client status sshd
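To see what maxretry = 5 and findtime = 1h from the jail above mean in practice, here is an added example (not from the original post or the Fail2ban project) that replays "Failed password" lines and reports which IPs would reach the ban threshold. It is a simplified model: fail2ban's own sshd filter recognises more message types. The function name, the sample log, the assumed year and the traditional syslog timestamp format are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 5                      # maxretry from the jail above
FINDTIME = timedelta(hours=1)     # findtime = 1h from the jail above

# Matches the "Failed password" lines grepped for earlier; sshd writes
# "invalid user <name>" in place of "<name>" for accounts that do not exist.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def would_ban(lines, year=2024):
    """Map each IP to the time of the failure that reaches MAXRETRY in FINDTIME."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    banned = {}
    for line in lines:            # lines are assumed to be in time order
        m = FAILED.match(line)
        if not m or m.group(2) in banned:
            continue
        # Traditional syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(ts)
        while ts - window[0] > FINDTIME:   # forget failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:
            banned[m.group(2)] = ts
    return banned

# Constructed sample log (documentation IP ranges, made-up host and PIDs).
SAMPLE_LOG = """\
Jan 12 03:00:01 vm sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jan 12 03:00:05 vm sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Jan 12 03:00:09 vm sshd[1003]: Failed password for root from 203.0.113.7 port 40003 ssh2
Jan 12 03:00:14 vm sshd[1004]: Failed password for invalid user test from 203.0.113.7 port 40004 ssh2
Jan 12 03:00:20 vm sshd[1005]: Failed password for root from 203.0.113.7 port 40005 ssh2
Jan 12 04:00:00 vm sshd[1101]: Failed password for root from 198.51.100.9 port 50001 ssh2
Jan 12 04:30:00 vm sshd[1102]: Failed password for root from 198.51.100.9 port 50002 ssh2
Jan 12 05:00:00 vm sshd[1103]: Failed password for root from 198.51.100.9 port 50003 ssh2
Jan 12 05:30:00 vm sshd[1104]: Failed password for root from 198.51.100.9 port 50004 ssh2
Jan 12 06:00:00 vm sshd[1105]: Failed password for root from 198.51.100.9 port 50005 ssh2
"""

if __name__ == "__main__":
    for ip, ts in would_ban(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reaches maxretry at {ts:%b %d %H:%M:%S}")
```

In the sample, both addresses fail five times, but only the first one does so inside a single findtime window, so only that one would land in the jail with these settings.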