Use your package manager of choice to install fail2ban. In my case, since I'm using Ubuntu:
sudo apt install fail2ban
There are two main configuration files in Fail2Ban:
fail2ban.conf
This is the configuration file for the operational settings of the Fail2Ban daemon. Settings like loglevel, log file, socket and pid file are defined here.
jail.conf
This is the file where you can configure things like default ban time, number of retries before banning an IP, whitelisting IPs, mail sending information etc.
Start by creating a local copy of the files with:
cd /etc/fail2ban && cp jail.conf jail.local && cp fail2ban.conf fail2ban.local
Edit the files as you see fit. The recommendation is to leave the .conf files alone and change only the .local files: package updates can overwrite the .conf files, and settings in the .local files take precedence.
jail.local
bantime = 30m
# Set findtime for an entire day
findtime = 24h
maxretry = 5
fail2ban.local
Start the service with:
systemctl start fail2ban
If you don't receive any errors, set it to start automatically at boot with:
systemctl enable fail2ban
You can check the log with:
cat /var/log/fail2ban.log
See banned IPs with:
fail2ban-client status <jail-name>
Unban an IP with:
fail2ban-client set <jail-name> unbanip <ip-address>
Whitelist an IP in the running jail (to keep it across restarts, add it to ignoreip in jail.local) with:
fail2ban-client set <jail-name> addignoreip <ip-address>
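Reading /var/log/fail2ban.log with cat gets unwieldy once a jail has been running for a while. The script below is an added example, not part of the original guide: it condenses the Ban and Unban lines into one row per jail and IP. The function names and the sample log lines are constructed for illustration, and the line layout assumed is the default fail2ban.actions format.

```sh
#!/bin/sh
# Added example: per-jail, per-IP summary of Ban/Unban events in a fail2ban log.

# sample_log: constructed log lines (documentation IPs), not real data.
sample_log() {
    cat <<'EOF'
2024-05-01 10:00:00,101 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.10 - 2024-05-01 10:00:00
2024-05-01 10:00:01,123 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.10
2024-05-01 10:30:01,456 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.10
2024-05-01 11:02:10,789 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.10
2024-05-01 11:05:00,012 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2024-05-01 11:06:00,345 fail2ban.actions        [812]: NOTICE  [nginx-http-auth] Ban 198.51.100.7
2024-05-01 11:10:00,678 fail2ban.actions        [812]: NOTICE  [sshd] Restore Ban 198.51.100.7
EOF
}

# ban_summary [LOGFILE]: reads LOGFILE (or stdin) and prints one line per
# jail/IP pair: "jail ip bans unbans state", state being the last event seen.
ban_summary() {
    awk '
        $3 == "fail2ban.actions" && ($(NF-1) == "Ban" || $(NF-1) == "Unban") {
            # The jail is the only field fully wrapped in [ ]; the pid field ends in ":".
            jail = ""
            for (i = 4; i < NF; i++)
                if (substr($i, 1, 1) == "[" && substr($i, length($i), 1) == "]")
                    jail = substr($i, 2, length($i) - 2)
            if (jail == "") next
            key = jail " " $NF
            seen[key] = 1
            if ($(NF-1) == "Unban") {
                unbans[key]++; state[key] = "released"
            } else {
                # "Restore Ban" re-applies a stored ban after a restart: not a new ban.
                if ($(NF-2) != "Restore") bans[key]++
                state[key] = "banned"
            }
        }
        END { for (k in seen) printf "%s %d %d %s\n", k, bans[k], unbans[k], state[k] }
    ' "$@" | LC_ALL=C sort
}

sample_log | ban_summary
```

On a live host, run it as ban_summary /var/log/fail2ban.log; an IP with a high ban count is one that keeps coming back after each bantime expires.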