Run the following command to create the script file:
nano /fail2ban.sh
Copy and paste the script below.
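#!/bin/bash
# Fail2Ban auto-install and setup script (no sudo: run it as root).

# Everything below installs packages and edits files under /etc, so stop
# early with a clear message when the script is not running as root.
if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root." >&2
  exit 1
fi

# Step 1: Update package list and install Fail2Ban and rsyslog.
# apt-get is used rather than apt because apt warns that its command-line
# interface is not stable for use in scripts.
# Abort on failure: the later steps edit Fail2Ban's configuration and would
# otherwise run against a system where the packages are missing.
if ! { apt-get update && apt-get install -y fail2ban rsyslog; }; then
  echo "Package installation failed; aborting." >&2
  exit 1
fi

# Step 2: Ensure rsyslog is running and enabled on boot.
systemctl start rsyslog
systemctl enable rsyslog

# Step 3: Configure rsyslog to log auth messages.
# Look in the drop-in directory as well as the main file: some distributions
# ship the auth rule in /etc/rsyslog.d/ instead of /etc/rsyslog.conf. Adding
# a second rule would write every auth message to /var/log/auth.log twice.
# NOTE(review): duplicated lines would presumably make Fail2Ban count each
# failed login twice - confirm before relying on maxretry.
# -s silences the "no such file" error when the glob matches nothing.
if ! grep -qsE '^auth,authpriv\.\*' /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then
  echo "auth,authpriv.* /var/log/auth.log" >> /etc/rsyslog.conf
  echo "Configured rsyslog to log authentication messages."
fi

# Restart rsyslog to apply changes.
systemctl restart rsyslog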
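# Step 4: Prepare /etc/fail2ban/jail.local.
# jail.local only needs the settings that differ from jail.conf, because
# Fail2Ban reads jail.conf first and lets jail.local override it. Copying
# the whole of jail.conf (the previous approach) had two problems:
#   - every run overwrote an existing jail.local and lost local changes;
#   - the copy already contained an [sshd] section, so the unscoped sed
#     commands that followed rewrote every "enabled" and "logpath" line in
#     the file, in every jail, not just in [sshd].
# This version keeps an existing jail.local (after backing it up) and only
# edits keys inside the section they belong to.
JAIL_LOCAL=/etc/fail2ban/jail.local

if [[ -f "$JAIL_LOCAL" ]]; then
  jail_backup="${JAIL_LOCAL}.bak.$(date +%Y%m%d%H%M%S)"
  if ! cp -p -- "$JAIL_LOCAL" "$jail_backup"; then
    echo "Could not back up $JAIL_LOCAL; aborting." >&2
    exit 1
  fi
  echo "Existing jail.local saved as $jail_backup"
elif ! printf '# Local overrides for /etc/fail2ban/jail.conf\n' > "$JAIL_LOCAL"; then
  echo "Could not create $JAIL_LOCAL; aborting." >&2
  exit 1
fi

#######################################
# Set "key = value" inside one section of jail.local.
# Replaces the key if the section already has it (dropping duplicates and
# any indented continuation lines of the old value), appends it to the
# section otherwise, and creates the section at the end of the file when it
# does not exist yet. Lines in other sections are never touched.
# Globals:   JAIL_LOCAL (read; the file is rewritten in place)
# Arguments: $1 - section name without brackets, $2 - key, $3 - value
#            (plain text only: awk -v would interpret backslash escapes)
# Returns:   0 on success, non-zero if the file could not be rewritten
#######################################
set_jail_option() {
  local section=$1 key=$2 value=$3
  local tmp status
  tmp=$(mktemp) || return 1
  if awk -v section="[$section]" -v key="$key" -v value="$value" '
      function emit() { print key " = " value; written = 1 }
      # Continuation lines of a value that was just replaced are dropped.
      skipping && /^[ \t]+[^ \t]/ { next }
      { skipping = 0 }
      /^\[/ {
        # Leaving the target section without having seen the key: add it.
        if (in_section && !written) emit()
        header = $0
        sub(/[ \t\r]+$/, "", header)
        in_section = (header == section)
        if (in_section) seen = 1
        print
        next
      }
      in_section && $0 ~ ("^" key "[ \t]*=") {
        if (!written) emit()
        skipping = 1
        next
      }
      { print }
      END {
        if (in_section && !written) emit()
        if (!seen) { print ""; print section; emit() }
      }
    ' "$JAIL_LOCAL" > "$tmp"; then
    # cat into the existing file keeps its owner and permissions.
    cat -- "$tmp" > "$JAIL_LOCAL"
    status=$?
  else
    status=1
  fi
  rm -f -- "$tmp"
  return "$status"
}

# Step 5: Configure the ban policy and the SSH jail in jail.local.
# bantime/findtime/maxretry go in [DEFAULT]; enabled/logpath only in [sshd],
# so no other jail is switched on or pointed at auth.log by accident.
if ! {
  set_jail_option DEFAULT bantime 24h &&
    set_jail_option DEFAULT findtime 10m &&
    set_jail_option DEFAULT maxretry 5 &&
    set_jail_option sshd enabled true &&
    set_jail_option sshd logpath /var/log/auth.log
}; then
  echo "Failed to update $JAIL_LOCAL; aborting." >&2
  exit 1
fi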
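# Step 6: Ensure SSH logging is enabled in /etc/ssh/sshd_config.
# A broken sshd_config can lock an administrator out of a remote machine, so
# the file is backed up first, validated with "sshd -t" after editing, and
# restored if sshd rejects it.
SSHD_CONFIG=/etc/ssh/sshd_config
sshd_backup="${SSHD_CONFIG}.bak.$(date +%Y%m%d%H%M%S)"
if ! cp -p -- "$SSHD_CONFIG" "$sshd_backup"; then
  echo "Could not back up $SSHD_CONFIG; aborting." >&2
  exit 1
fi

#######################################
# Set a global sshd_config directive.
# Order of preference:
#   1. an active directive at column 0 is rewritten (checked first so that a
#      commented-out sample line is not uncommented next to it, which would
#      leave two directives with sshd using only the first);
#   2. otherwise the first commented-out line for the key is uncommented;
#   3. otherwise the directive is inserted before the first Match block,
#      because anything appended after a Match line becomes part of that
#      block instead of a global setting;
#   4. otherwise it is appended to the end of the file.
# Uses GNU sed syntax (0,/re/ addressing and \n in the replacement).
# Globals:   SSHD_CONFIG (read; the file is edited in place)
# Arguments: $1 - directive name, $2 - value (plain words only; they are
#            interpolated into sed expressions)
#######################################
set_sshd_option() {
  local key=$1 value=$2
  if grep -qE "^${key}[[:space:]=]" "$SSHD_CONFIG"; then
    sed -i -E "s/^${key}[[:space:]=].*/${key} ${value}/" "$SSHD_CONFIG"
  elif grep -qE "^#[[:space:]]*${key}([[:space:]=]|\$)" "$SSHD_CONFIG"; then
    sed -i -E "0,/^#[[:space:]]*${key}([[:space:]=].*|\$)/s//${key} ${value}/" "$SSHD_CONFIG"
  elif grep -qE '^[[:space:]]*Match[[:space:]]' "$SSHD_CONFIG"; then
    sed -i -E "0,/^[[:space:]]*Match[[:space:]]/s//${key} ${value}\n&/" "$SSHD_CONFIG"
  else
    echo "${key} ${value}" >> "$SSHD_CONFIG"
  fi
}

# Handle LogLevel
set_sshd_option LogLevel INFO
# Handle SyslogFacility
set_sshd_option SyslogFacility AUTH

# Validate before anything restarts sshd; put the old file back on failure.
if ! sshd -t -f "$SSHD_CONFIG"; then
  echo "sshd rejected the edited configuration; restoring $sshd_backup." >&2
  cp -p -- "$sshd_backup" "$SSHD_CONFIG"
  exit 1
fi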
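# Step 7: Restart SSH and Fail2Ban services to apply the changes.
# Check the sshd configuration first: restarting with a file that sshd
# refuses to load would leave the machine without a working SSH daemon.
if ! sshd -t; then
  echo "sshd configuration check failed; SSH was not restarted." >&2
  exit 1
fi

# The SSH unit is named "ssh" on some distributions and "sshd" on others;
# use whichever unit file systemd knows about.
if systemctl cat ssh.service > /dev/null 2>&1; then
  ssh_unit=ssh
else
  ssh_unit=sshd
fi
if ! systemctl restart "$ssh_unit"; then
  echo "Warning: could not restart the $ssh_unit service." >&2
fi

if ! systemctl restart fail2ban; then
  echo "Fail2Ban failed to start; see 'journalctl -u fail2ban'." >&2
  exit 1
fi

# Step 8: Enable Fail2Ban on boot.
systemctl enable fail2ban

# Report success only once the sshd jail is actually loaded. The server can
# take a moment to open its socket after the restart, so retry briefly.
jail_ready=0
for _ in 1 2 3 4 5; do
  if fail2ban-client status sshd > /dev/null 2>&1; then
    jail_ready=1
    break
  fi
  sleep 1
done

if ((jail_ready)); then
  echo "Fail2Ban and rsyslog have been installed and configured successfully."
else
  echo "Fail2Ban is running but the sshd jail is not active; check /var/log/fail2ban.log." >&2
  exit 1
fi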
Press CTRL + O, then CTRL + X, to save and close the file.
Now run the following command to set the script's permissions:
chmod 755 /fail2ban.sh
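Now run the script as root to install and set up Fail2Ban automatically. The script was saved as /fail2ban.sh, so either change to the / directory first or call it by its full path (/fail2ban.sh). Because the script edits /etc/ssh/sshd_config and restarts SSH, keep your current session open until you have confirmed that a new SSH login still works.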
./fail2ban.sh