Fail2ban is an intrusion prevention framework written in Python. It monitors log files and runs scripts in response to what it finds. A typical use is handling repeated failed password attempts against an SSH port: the offending host is locked out for a period of time.
Fail2ban is well suited to brute-force attacks against a server. It slows an attack down because the blocked host is locked out for a period of time. Its shortcoming is that, although it stops an attack from a single host, it fails to protect against a distributed attack from a network of computers.
Fail2ban is generally used with firewall programs such as iptables, which is available on most Linux-based servers. When successive failed attempts occur on the system, Fail2ban updates the firewall rules, locking out the remote host for a certain period of time.
To install Fail2ban on Ubuntu or Debian from the Terminal:
$ sudo apt-get install fail2ban
You can edit the config file to update the settings. For example, you can increase bantime from 600 to 1200 seconds, or increase maxretry from 3 to 6.
$ sudo nano /etc/fail2ban/jail.conf
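How maxretry and bantime interact, and why a distributed attack slips past them, shown as a small simulation (an added example, not Fail2ban's own code and not part of the original article). It uses the maxretry and bantime values quoted above; findtime, the window in which failures are counted, is a Fail2ban setting not mentioned above and its value of 600 is an assumption, as are the simplified log format and the function names.

```python
import re
from collections import defaultdict, deque

# Simplified model of the ban logic; not Fail2ban's own code. Constructed log format:
# "<epoch-seconds> sshd[pid]: Failed password for <user> from <ip> port <n> ssh2"
FAILED = re.compile(r"^(\d+) sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def simulate(lines, maxretry=3, findtime=600, bantime=600):
    """Return (bans, reached): bans is a list of (ip, ban_start, ban_end),
    reached is how many failed attempts got through to sshd before a ban."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside findtime
    banned_until = {}             # ip -> time at which the ban expires
    bans, reached = [], 0
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = int(m.group(1)), m.group(2)
        if banned_until.get(ip, 0) > ts:
            continue              # firewall rule active: attempt never reaches sshd
        reached += 1
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - findtime:
            q.popleft()           # forget failures older than the counting window
        if len(q) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            q.clear()
    return bans, reached

def sshd_line(ts, ip):
    return f"{ts} sshd[1234]: Failed password for root from {ip} port 22 ssh2"

# Constructed sample: one host, ten attempts, one every 10 seconds.
SINGLE = [sshd_line(t, "203.0.113.5") for t in range(0, 100, 10)]
# Constructed sample: ten hosts, two attempts each (stays below maxretry per host).
DISTRIBUTED = [sshd_line(r + h, f"198.51.100.{h}") for r in (0, 100) for h in range(1, 11)]

if __name__ == "__main__":
    print("single host, defaults:  ", simulate(SINGLE))
    print("single host, maxretry=6:", simulate(SINGLE, maxretry=6))
    print("distributed, defaults:  ", simulate(DISTRIBUTED))
```

The distributed sample produces no ban because every host stays under maxretry, so all twenty attempts reach the SSH service.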