Fail2ban is a host-based security suite that reads (“filters”) log files and takes predetermined actions based on the events logged there: when an entry in a log file matches an installed Fail2ban filter, the associated action is triggered. Most commonly, it is used to automatically configure the host’s iptables network filter (i.e., the host’s firewall), or its /etc/hosts.{allow,deny} files, so as to temporarily ban connection attempts from abusive remote hosts. Fail2ban is solely a defense-in-depth measure and must not be considered a replacement for properly securing systems or services with strong authentication mechanisms.
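
The filter-then-act loop described above, as an added illustration that is not Fail2ban's own code and not part of the original page: one regex stands in for a filter, and the thresholds borrow the names of Fail2ban's maxretry, findtime and bantime settings with constructed values. The log lines, host name and addresses are constructed samples.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for a Fail2ban filter: one regex that extracts the remote host.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\d+\.\d+\.\d+\.\d+) "
)
MAXRETRY = 3                      # failures needed inside the window to trigger a ban
FINDTIME = timedelta(minutes=10)  # sliding window in which failures are counted
BANTIME = timedelta(minutes=10)   # bans are temporary and expire after this long

# Constructed sample log lines (documentation address ranges, made-up host name).
SAMPLE = [
    "Jan 15 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2",
    "Jan 15 10:00:05 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40024 ssh2",
    "Jan 15 10:00:07 web1 sshd[815]: Accepted publickey for alice from 198.51.100.20 port 51000 ssh2",
    "Jan 15 10:00:09 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40026 ssh2",
    "Jan 15 10:02:00 web1 sshd[820]: Failed password for bob from 198.51.100.20 port 51010 ssh2",
    "Jan 15 10:11:30 web1 sshd[830]: Failed password for root from 203.0.113.7 port 40100 ssh2",
]

def scan(lines, year=2024):
    """Return the (action, host, time) events a ban action would be asked to apply."""
    failures = defaultdict(deque)  # host -> timestamps of failures still in the window
    banned_until = {}              # host -> time at which its ban expires
    events = []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue               # entry does not match the filter: no action
        now = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        for host in [h for h, t in banned_until.items() if t <= now]:
            events.append(("unban", host, banned_until.pop(host)))
        host = m["host"]
        if host in banned_until:
            continue               # already banned; nothing more to do
        seen = failures[host]
        seen.append(now)
        while now - seen[0] > FINDTIME:
            seen.popleft()         # forget failures older than the window
        if len(seen) >= MAXRETRY:
            banned_until[host] = now + BANTIME
            events.append(("ban", host, now))
            del failures[host]     # the counter starts over once the ban is issued
    return events
```

Calling scan(SAMPLE) yields one ban for 203.0.113.7 after its third failure and one unban when the ban time has elapsed; the host with a single failure is never banned.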

Installing

sudo apt update && sudo apt install fail2ban

Configuring

TK-TODO