Fail2ban is intrusion prevention software used by many Linux system administrators to protect Linux servers from brute-force attacks and other automated attacks.
In this tutorial we will guide you through installing and configuring Fail2ban on Ubuntu 20.04. The installation and configuration are fairly easy, and you don’t need years of experience in Linux administration to do it.
Let’s proceed with the steps on how to install and configure Fail2ban.
1. Installation
First, let’s update the package index and proceed with the installation.
sudo apt update
sudo apt install fail2ban
Fail2ban should start automatically after the installation. To check its status, run this command.
sudo systemctl status fail2ban
Output:
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-11-30 07:33:51 EST; 22s ago
Docs: man:fail2ban(1)
Main PID: 42104 (f2b/server)
Tasks: 5 (limit: 9485)
Memory: 14.3M
CGroup: /system.slice/fail2ban.service
└─42104 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Nov 30 07:33:51 blog.jeffalgarne.site systemd[1]: Starting Fail2Ban Service...
Nov 30 07:33:51 blog.jeffalgarne.site systemd[1]: Started Fail2Ban Service.
Nov 30 07:33:52 blog.jeffalgarne.site fail2ban-server[42104]: Server ready
2. Configuration
The main configuration files of Fail2ban are located in /etc/fail2ban. Fail2ban gives priority to files with the .local extension: settings in a .local file override those in the corresponding .conf file.
The default configuration file is /etc/fail2ban/jail.conf. We now need to create a jail.local file, which is where we put the configuration settings we want to use to protect our server.
First, let’s copy jail.conf to jail.local.
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now let us edit the /etc/fail2ban/jail.local file.
sudo nano /etc/fail2ban/jail.local
Modify the [DEFAULT] section to your desired configuration.
If you want to whitelist an IP, you can put it in the ignoreip directive. To enable ignoreip, uncomment it.
ignoreip = 127.0.0.1/8 ::1 192.168.1.50
Bantime – the number of seconds that a host is banned.
bantime = 10m
Findtime – a host is banned if it has generated “maxretry” failures during the last “findtime”.
findtime = 10m
Maxretry – the number of failures before a host gets banned.
maxretry = 5
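The following added example is not part of the original tutorial and is not Fail2ban's own code: it is a simplified sliding-window model in Python of how maxretry, findtime, bantime and ignoreip interact, run over constructed sshd log lines. The function name simulate_bans, the sample log and its documentation-range IP addresses are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample lines in the sshd auth.log style (documentation-range IPs).
SAMPLE_LOG = """\
Nov 30 07:40:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Nov 30 07:41:10 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40180 ssh2
Nov 30 07:42:30 host sshd[1207]: Failed password for root from 192.168.1.50 port 51000 ssh2
Nov 30 07:43:05 host sshd[1210]: Failed password for root from 203.0.113.7 port 40233 ssh2
Nov 30 07:44:00 host sshd[1214]: Failed password for root from 198.51.100.9 port 33000 ssh2
Nov 30 07:45:40 host sshd[1219]: Failed password for root from 203.0.113.7 port 40301 ssh2
Nov 30 07:48:15 host sshd[1225]: Failed password for root from 203.0.113.7 port 40377 ssh2
Nov 30 08:05:00 host sshd[1301]: Failed password for root from 198.51.100.9 port 33051 ssh2
"""

# Captures the syslog timestamp and the source address of a failed password attempt.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def simulate_bans(log, maxretry=5, findtime=timedelta(minutes=10),
                  bantime=timedelta(minutes=10),
                  ignoreip=("127.0.0.1/8", "::1", "192.168.1.50"), year=2021):
    """Return [(ip, banned_at, unbanned_at)] under a simplified model of the jail."""
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    failures, banned_until, bans = {}, {}, []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in ignored if net.version == ip.version):
            continue                      # whitelisted by ignoreip, never counted
        if banned_until.get(ip, when) > when:
            continue                      # still inside an active ban
        # Keep only earlier failures that fall inside the findtime window.
        recent = [t for t in failures.get(ip, []) if when - t < findtime] + [when]
        if len(recent) >= maxretry:
            banned_until[ip] = when + bantime
            bans.append((str(ip), when, when + bantime))
            recent = []                   # the model resets the counter after a ban
        failures[ip] = recent
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate_bans(SAMPLE_LOG):
        print(f"{ip} banned {start:%H:%M:%S}, unbanned {end:%H:%M:%S}")
```

With the values shown above (maxretry = 5, findtime = 10m, bantime = 10m), only the host with five failures inside ten minutes is banned; the whitelisted 192.168.1.50 and the host whose two failures are 21 minutes apart are not.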
3. Protecting SSH
Fail2ban uses jails as rule sets to protect your services. The SSH service jail is enabled by default.
This is the default jail for SSHD.
[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
If you want to add more directives, such as maxretry, findtime, bantime, and ignoreip, add them to the SSHD jail rule set like this.
[sshd]
# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode = normal
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 6
findtime = 1d
bantime = 1w
ignoreip = 127.0.0.1/8 192.168.1.50
After modifying jail.local, save the file and restart the Fail2ban service for the configuration to take effect.
sudo systemctl restart fail2ban
4. Fail2ban client
Fail2ban has its own command-line tool called fail2ban-client, which you can use to interact with the fail2ban service.
You can use fail2ban-client to check the jail status, ban or unban IP addresses, and change other Fail2ban settings.
To check the available options:
fail2ban-client -h
To check the jail status:
sudo fail2ban-client status sshd
To ban an IP:
sudo fail2ban-client set sshd banip 192.168.1.51
To unban an IP:
sudo fail2ban-client set sshd unbanip 192.168.1.51
Conclusion
We have demonstrated how easy it is to set up Fail2ban on Ubuntu 20.04. If you like this article, you might also like our article on CSF.
If you have questions, feel free to leave a comment and we will try to answer them.
Thank you and hope you enjoy our tutorial 🙂