Difference between fail2ban and sshd block
https://www.reddit.com/r/linuxquestions/comments/t7jwct/server_hardening_is_fail2ban_needed_if_the_sshd/
DoS since SSHD should answer the incoming auth requests. In this scenario fail2ban downshifts those requests from the application level (SSHd) to the network level of iptables (or whatever IP filter you are using). This naturally decreases the CPU overhead and hardens your setup.
fail2ban acts at the network layer (iptables); sshd acts at the application layer
Install Fail2ban
https://linuxize.com/post/install-configure-fail2ban-on-ubuntu-20-04/
apt install fail2ban
systemctl enable fail2ban
systemctl start fail2ban
systemctl status fail2ban
ban sshd service
cat > /etc/fail2ban/jail.local <<EOF
[sshd]
enabled = true
maxretry = 3
findtime = 1d
bantime = 4w
ignoreip = 127.0.0.1/8 23.34.45.56
EOF
Explanation of fail2ban fields
https://www.digitalocean.com/community/tutorials/how-fail2ban-works-to-protect-services-on-a-linux-server
e.g.:
- findtime: This parameter sets the window that Fail2ban will pay attention to when looking for repeated failed authentication attempts. The default is set to 10 minutes, which means that the software will count the number of failed attempts in the last 10 minutes.
- maxretry: This sets the number of failed attempts that will be tolerated within the findtime window before a ban is instituted.
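How findtime, maxretry and ignoreip interact, as an added example that is not fail2ban's own code: a simplified model of the sliding window, run over constructed sshd log lines with the values from the jail.local above. The log format, the regex and the function names are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the jail.local above.
MAXRETRY = 3
FINDTIME = timedelta(days=1)
IGNOREIP = ["127.0.0.1/8", "23.34.45.56"]
# Simplified pattern (assumption); fail2ban's own sshd filter matches many more messages.
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def is_ignored(ip, ignore=IGNOREIP):
    # strict=False accepts a network written with host bits set, such as 127.0.0.1/8.
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n, strict=False) for n in ignore)

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: timestamp of the failure that triggered the ban}."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    bans = {}
    for line in lines:
        if not (m := FAILED.match(line)):
            continue
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in bans or is_ignored(ip):
            continue
        window = recent[ip]
        window.append(when)
        # Forget failures older than findtime, measured from the newest one.
        while when - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = when
    return bans

def sample_line(ts, ip, msg="Failed password for root"):
    return f"{ts}+00:00 host sshd[1234]: {msg} from {ip} port 40022 ssh2"

# Constructed log lines using documentation address ranges, in chronological order.
SAMPLE = [sample_line(*t) for t in [
    ("2024-03-01T08:00:00", "198.51.100.9"), ("2024-03-01T10:00:00", "203.0.113.7"),
    ("2024-03-01T10:05:00", "23.34.45.56"), ("2024-03-01T10:05:10", "23.34.45.56"),
    ("2024-03-01T10:05:20", "23.34.45.56"), ("2024-03-01T18:00:00", "203.0.113.7"),
    ("2024-03-01T18:30:00", "192.0.2.44", "Accepted password for alice"),
    ("2024-03-02T08:30:00", "198.51.100.9"), ("2024-03-02T09:00:00", "203.0.113.7"),
    ("2024-03-03T09:00:00", "198.51.100.9"),
]]

if __name__ == "__main__":
    print(find_bans(SAMPLE))
```

In the sample, 203.0.113.7 is banned on its third failure inside 24 hours, 198.51.100.9 is never banned because its failures are spaced just over a day apart, and 23.34.45.56 is skipped because it is listed in ignoreip.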
Find the IP of your ISP (Claro, NET, TIM)
https://whatismyipaddress.com/
Unban an IP on the blacklist
https://linuxhint.com/unban-ip-fail2ban/#:~:text=While%20making%20incorrect%20authentication%20attempts,IP%20address%20is%20unbanned%20automatically.
fail2ban-client set jail_name unbanip xxx.xxx.xxx.xxx
e