Fail2Ban
Fail2Ban is a security tool that helps protect your server from brute-force attacks and unauthorized access attempts. It works by monitoring log files for suspicious activity, such as repeated failed login attempts, and then takes action to block the offending IP addresses.
Installation
Update your system and install Fail2Ban:
sudo apt update && sudo apt upgrade
sudo apt install fail2ban
Configuration
Fail2Ban's main config file is at /etc/fail2ban/jail.conf. Instead of editing it directly, create a local override file so your changes survive updates:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Open the file to edit it:
sudo nano /etc/fail2ban/jail.local
SSH jail example
Add or update the [sshd] section to protect SSH:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 600
bantime = 3600
Key options
enabled — Set to true to activate the jail
port — Port of the service to protect
filter — Filter name matching the service (e.g. sshd)
logpath — Log file Fail2Ban should monitor
maxretry — Failed attempts before banning
findtime — Time window (seconds) for counting failures
bantime — How long (seconds) to ban an IP
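How maxretry, findtime and bantime interact is easiest to see on real timestamps. The following is an added example, not part of the original page or of Fail2Ban's own code: a simplified Python model of the [sshd] jail above, run over constructed auth.log lines. The function name simulate, the sample lines and the regular expression are assumptions made for illustration; Fail2Ban's real sshd filter matches many more message forms.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY, FINDTIME, BANTIME = 3, 600, 3600  # values from the [sshd] jail above

# Constructed sample lines in classic syslog auth.log layout (documentation IPs).
SAMPLE_LOG = """\
Jan 10 12:00:00 host sshd[101]: Failed password for root from 203.0.113.7 port 4000 ssh2
Jan 10 12:00:05 host sshd[102]: Failed password for invalid user admin from 198.51.100.9 port 4100 ssh2
Jan 10 12:04:00 host sshd[103]: Failed password for root from 203.0.113.7 port 4001 ssh2
Jan 10 12:09:30 host sshd[104]: Failed password for root from 203.0.113.7 port 4002 ssh2
Jan 10 12:11:00 host sshd[105]: Accepted password for alice from 192.0.2.10 port 4200 ssh2
Jan 10 12:12:00 host sshd[106]: Failed password for invalid user admin from 198.51.100.9 port 4101 ssh2
Jan 10 12:20:00 host sshd[107]: Failed password for invalid user admin from 198.51.100.9 port 4102 ssh2
"""

# Hypothetical, narrowed-down pattern: password failures only.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def simulate(log_text, year=2024):
    """Return {ip: (banned_at, unbanned_at)} under a simplified model of the jail."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside findtime
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines do not count
        stamp, ip = m.groups()
        now = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if ip in bans and now < bans[ip][1]:
            continue              # already banned; real traffic would be dropped
        window = recent[ip]
        window.append(now)
        while (now - window[0]).total_seconds() > FINDTIME:
            window.popleft()      # failure is older than findtime, stop counting it
        if len(window) >= MAXRETRY:
            bans[ip] = (now, now + timedelta(seconds=BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE_LOG).items():
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

In the sample, 198.51.100.9 also fails three times but is never banned, because its attempts are spaced so that no 600-second window holds three of them. Slow, spread-out guessing like this is what a longer findtime is meant to catch.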
You can add additional jails for other services like Nginx or Apache by following the same pattern.
Enable & start
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Check status
View all active jails and banned IPs:
sudo fail2ban-client status
View details for a specific jail:
sudo fail2ban-client status <jail-name>
Zscaler
With these commands you can enable and disable Zscaler on a Mac/Linux machine.
Signed commits
GPG (GNU Privacy Guard) is a free and open-source implementation of the OpenPGP standard. It is a tool for secure communication and data storage, allowing users to encrypt and sign their data and communications. GPG is widely used for email encryption, file encryption, and digital signatures.