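#!/bin/sh
# Install rsyslog and fail2ban, show existing SSH login failures, then enable
# the fail2ban [sshd] jail so repeated failures get the source address banned
# through iptables.
#
# Usage: run on a Debian/Ubuntu-style host (apt-get, service) as a user with
# sudo rights.
#
# NOTE(review): the original copied jail.conf to jail.local and patched it
# with sed at absolute line numbers (delete 244, append after 239-245),
# presumably aiming at the [sshd] section. Those offsets only match one
# specific jail.conf revision; on any other version the settings land in an
# unrelated jail or break the file. The same settings are written here as a
# named [sshd] override in jail.d, which fail2ban reads after jail.conf and
# jail.local.

set -eu

readonly AUTH_LOG=/var/log/auth.log
readonly JAIL_OVERRIDE=/etc/fail2ban/jail.d/sshd.local

# Refresh package lists, then install both packages. rsyslog provides
# auth.log. The fail2ban install appeared commented out in the original, so
# on a host without it every later step failed; apt-get install is a no-op
# when the package is already present.
sudo apt-get update
sudo apt-get install -y rsyslog fail2ban
sudo service rsyslog start

# Show login failures recorded so far. grep exits 1 when nothing matches and
# 2 when auth.log does not exist yet (fresh host); neither should abort setup.
sudo grep -- "Failed password" "$AUTH_LOG" || true
# Per-source summary (field 11 is the address only for the
# "Failed password for <user> from <addr>" form, not "invalid user" lines):
#   sudo grep "Failed password" /var/log/auth.log | awk '{print $11}' | sort | uniq -c | sort -n

# "service <name> enable" is not a valid action; enabling at boot is done by
# the init system itself.
if [ -d /run/systemd/system ]; then
  sudo systemctl enable fail2ban
else
  sudo update-rc.d fail2ban defaults
fi
sudo service fail2ban start

# Jail settings, values unchanged from the original script.
# Caveats for whoever tunes this:
#   - findtime=30 with maxretry=3 only catches bursts; guesses spaced more
#     than ~10 s apart never trigger a ban.
#   - bantime=300 lifts the ban after five minutes.
#   - port=22 must match the port sshd actually listens on, otherwise the
#     ban rule does not cover the real service.
#   - consider an ignoreip entry for the admin network to avoid locking
#     yourself out.
sudo mkdir -p "$(dirname "$JAIL_OVERRIDE")"
sudo tee "$JAIL_OVERRIDE" >/dev/null <<'EOF'
[sshd]
enabled = true
maxretry = 3
bantime = 300
findtime = 30
chain = INPUT
port = 22
action_ = iptables-multiport[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
EOF

# Apply the configuration and verify: a non-zero exit from the status call
# means the sshd jail is not running.
sudo service fail2ban restart
sudo fail2ban-client status sshd
# -n skips reverse DNS lookups, which can stall when listing banned addresses.
sudo iptables -L -n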