How to install and configure Fail2ban for Ubuntu


Introduction

Fail2ban is a tool that monitors login activity on your server and helps protect your Linux machine from brute-force and other automated attacks. By default, it bans an offending IP address for 10 minutes before lifting the ban, and it has filters to monitor Apache, SSH, and other programs for suspicious activity.

This guide describes the installation and basic configuration on Ubuntu systems.

  1. Run the below command to ensure that the server is up to date.
    # apt update && apt upgrade
    


  2. To install fail2ban, run the below command.
    # apt-get install fail2ban
    


  3. Once the installation is completed, check the service status with the below command.
    # systemctl status fail2ban
    


  4. The default configuration file is /etc/fail2ban/jail.conf and the easiest way to configure Fail2ban is to copy the jail.conf to jail.local and modify the .local file. So make a copy with the below command to avoid possible conflict.
    # cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
    


  5. Once the copy has been made, edit the file with the below command.
    # vi /etc/fail2ban/jail.local
    
  • ignoreip can be a list of IP addresses, CIDR masks, or DNS hosts. Fail2ban will not ban a host which matches an address in this list. Several addresses can be defined using a space (and/or comma) separator.
    The bantime, findtime, and maxretry options define the ban time and the conditions for a ban.
  • bantime is the number of seconds that a host is banned.
  • findtime is the time window for counting failures: a host is banned if it has generated “maxretry” failures during the last “findtime”.
  • maxretry is the number of failures before a host gets banned.
    The destemail and sender options set the receiving and sending email addresses, respectively.
  • Once you have made changes to the configuration file, restart the Fail2ban service with the below command.
    # service fail2ban restart
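
To see how ignoreip, findtime, maxretry, and bantime interact before you change them, the following added example replays constructed sshd log lines through a simplified model of those four options. It is not Fail2ban's own code: the function name simulate_bans, the log format, and the addresses are assumptions, and DNS host names in ignoreip are not handled.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (documentation address ranges, not from a real host).
SAMPLE_LOG = """\
2024-05-01T10:00:00 sshd[811]: Failed password for root from 203.0.113.7 port 4001 ssh2
2024-05-01T10:00:20 sshd[812]: Failed password for root from 203.0.113.7 port 4002 ssh2
2024-05-01T10:00:30 sshd[813]: Failed password for admin from 192.0.2.10 port 5001 ssh2
2024-05-01T10:00:40 sshd[814]: Failed password for root from 203.0.113.7 port 4003 ssh2
2024-05-01T10:00:50 sshd[815]: Failed password for admin from 192.0.2.10 port 5002 ssh2
2024-05-01T10:01:00 sshd[816]: Failed password for admin from 192.0.2.10 port 5003 ssh2
2024-05-01T10:05:00 sshd[817]: Failed password for bob from 198.51.100.9 port 6001 ssh2
2024-05-01T10:20:00 sshd[818]: Failed password for bob from 198.51.100.9 port 6002 ssh2
2024-05-01T10:40:00 sshd[819]: Failed password for bob from 198.51.100.9 port 6003 ssh2
"""
LINE_RE = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for \S+ from (\S+) port")


def simulate_bans(log, ignoreip, bantime, findtime, maxretry):
    """Return {ip: [(ban_start, ban_end), ...]}; bantime and findtime are in seconds."""
    # ignoreip accepts space and/or comma separators; only IPs and CIDR masks here.
    entries = ignoreip.replace(",", " ").split()
    ignored = [ipaddress.ip_network(e, strict=False) for e in entries]
    failures = defaultdict(deque)  # ip -> timestamps of failures inside the window
    bans = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in ignored):
            continue  # ignoreip: matching hosts are never counted or banned
        if bans[ip] and when < bans[ip][-1][1]:
            continue  # host is still banned at this time
        window = failures[ip]
        window.append(when)
        while when - window[0] > timedelta(seconds=findtime):
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            bans[ip].append((when, when + timedelta(seconds=bantime)))
            window.clear()
    return {ip: spans for ip, spans in bans.items() if spans}
```

With a 600-second findtime, the host that fails three times over 35 minutes is never banned; widening findtime to 3600 seconds catches it.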
