Protect your Virtual Machine with Fail2ban

Codearmo — Wed, 16 Apr 2025 08:40:24 +0000

Intro

OK so after a long time playing around with Linux servers, and now at the stage I have to spin them up pretty frequently with dozens done this year alone, I made a 10 Things to do on New Linux Server Checklist to try reduce the pain process of setting them up.

I had always known web security stuff was a real deep rabbit hole :( but my experience with automated login attempts to my servers really made me realize how scary a place the internet can be.

On Step 4 of the checklist , inspired by watching videos at the excellent LearnLinuxTV I decided to install Fail2ban.

Internet is a Scary Place

SO anyway, I install fail2ban on the test server and the results totally shocked me.

In just 3–4 hours since spinning up the test server for the checklist post, there were already 18 unauthorized login attempts to my virtual machine.

And now about a week later, the ssh jail is getting overcrowded as you can see below.

Check Login Attempts on your Virtual Machine

Below I list some handy commands to check your machine for login attempts

Check Failed Password Attempts

sudo grep "Failed password" /var/log/auth.log

Check Invalid User Attempts

sudo grep "Invalid user" /var/log/auth.log

Count the Number of Attempts in Latest Log file

sudo grep "Failed password" /var/log/auth.log | wc -l

Since the logs rotate pretty quick, you might need to change that to log.1 etc for old attempts.