If you’re looking to secure your Ubuntu Server, one of the first things you should do is install the fail2ban intrusion detection system. What fail2ban does is monitor specific log files (in /var/log) for failed login attempts or automated attacks on your server. When an attempted compromise is discovered from an IP address, fail2ban then blocks the IP address (by adding a new chain to iptables) from gaining entry (or attempting to further attack) the server.
Believe it or not, fail2ban is so easy to install and use, it should be considered a no-brainer for all Linux servers.
I want to walk you through the process of installing fail2ban on Ubuntu Server 18.04. I’ll then show you how to add a jail to monitor for failed SSH login attempts.
Read more at TechRepublic