Monitoring your server is a great way to prevent cyber attacks and stop those that might be in progress. Unfortunately, you cannot always be present to monitor your server. Unless you are an android, you likely still require sleep. For those times when you cannot be be present, Fail2ban is an excellent friend to have.
Fail2ban scans your system’s log files and effectively bans any IP addresses that appear to be nefarious, such as those that have too many failed login attempts or those that are scanning for vulnerabilities. Fail2ban comes with a number of default filters with actionable rules, but you can also add your own.
For example, you could create a rule to have Fail2ban email you when one of your users has attempted to login unsuccessfully more than 5 times. This could be an indicator that someone is trying to hijack the user’s account.
Fail2ban uses python and is therefore a cross-platform server tool that you can use on virtually any operating system. It is also free and open source software, and available for easy installation in many Linux distribution software repositories.