Fail2Ban

Fail2Ban is a security tool that protects Linux systems from brute-force attacks by monitoring system log files for suspicious behavior, such as multiple failed login attempts. When such behavior is detected, Fail2Ban automatically blocks the offending IP addresses using firewall rules. It is highly configurable and commonly used to secure services like SSH, FTP, and web applications.

Features of Fail2Ban:

• Monitors log files for signs of brute-force attacks and other suspicious behavior.
• Blocks IP addresses by adding firewall rules (using `iptables`, `ufw`, or `firewalld`).
• Supports multiple services like SSH, Apache, Nginx, FTP, and more.
• Customizable configuration to set thresholds for failed attempts and ban durations.
• Can send alerts via email or other actions upon detecting malicious activity.
• Prevents repeated attacks from malicious users while allowing legitimate access.
• Logging and reporting features for auditing and monitoring blocked IPs.

To check the installed version run these commands on terminal:
$ sudo su
$cd /opt
$cd fail2ban
$fail2ban-server -V

Disclaimer: Fail2Ban is an open-source security tool provided under the terms of the GNU General Public License. It is widely used to enhance system security by mitigating brute-force attacks and other malicious activities. Fail2Ban is provided "as is," without warranty, express or implied. Users are encouraged to review and comply with licensing terms when using Fail2Ban.