====== 24.04 Fail2ban installation ======


OK lets bolt down a bit against brute force SSH attacks from the internet idiots, before we go any further.

<code>
sudo apt install fail2ban
sudo systemctl stop fail2ban.service
</code>

The fail2ban service keeps its configuration files in the /etc/fail2ban directory. There is a file with defaults called jail.conf.
Since this file can be modified by package upgrades, we should not edit this file in-place. 

We need to create a local customisation file:

  nano /etc/fail2ban/jail.d/solaris.local

Once the file is created, we can open it for editing
We can make a few changes to make things work better.

<code>
[DEFAULT]
ignoreip = 127.0.0.1/8 10.3.0.0/16 ::1
bantime  = 2h
maxretry = 5
destemail = mark@scottworld.net
sender = root@scottworld.net
action = %(action_mwl)s

[recidive]
enabled = true

[postfix]
enabled = true

[apache-auth]
enabled = true
</code>

Restart fail2ban service

  systemctl restart fail2ban.service

Check everything is good with...

  fail2ban-client status

To find a specific ban 

  fail2ban-client status <named of the jail>

To remove a ban

  fail2ban-client unban <ip>