#!/bin/bash
echo "🔐 Installing Fail2Ban..."
sudo apt update
sudo apt install -y fail2ban
echo "🛠️ Configuring SSH jail with 1 year ban..."
# Backup config if needed
if [ ! -f /etc/fail2ban/jail.local.bak ]; then
sudo cp /etc/fail2ban/jail.local /etc/fail2ban/jail.local.bak 2>/dev/null
fi
# Create jail.local if doesn't exist
if [ ! -f /etc/fail2ban/jail.local ]; then
sudo touch /etc/fail2ban/jail.local
fi
# Write SSH jail config for 1 year ban
sudo bash -c 'cat > /etc/fail2ban/jail.local <<EOF
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 5
findtime = 10m
bantime = 31536000
EOF'
echo "🔁 Restarting Fail2Ban..."
sudo systemctl restart fail2ban
echo "✅ Fail2Ban configured with 1-year SSH ban."
sudo fail2ban-client status sshd
Comments
No comments yet.