
Ubuntu - Fail2Ban - Install Fail2Ban

Install fail2ban

sudo apt-get install fail2ban -y

Start and enable the fail2ban service

sudo systemctl enable --now fail2ban

Configure Firewall

sudo ufw allow ssh

NOTE: This allows SSH traffic into the server.


Configure fail2ban

Fail2ban depends on a few different files and directories, which are:

WARNING: The default values in /etc/fail2ban/jail.conf may change with package updates, so it is recommended to create a jail.local file with the configuration changes needed.


To modify some default settings

Create the jail.local file if it does not exist, otherwise edit it and populate it with:

/etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
bantime  = 1d
findtime  = 5m
maxretry = 5
destemail = root@localhost
sender = root@mediaserver

NOTE: Notice the [DEFAULT] tag. Settings in this section apply to every jail unless a jail overrides them.

To apply these new settings, restart Fail2Ban:

sudo systemctl restart fail2ban

To prevent malicious SSH logins

Create the jail.local file if it does not exist, otherwise edit it and populate it with:

sudo vi /etc/fail2ban/jail.local

…and populate that file:

/etc/fail2ban/jail.local
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 300
bantime = 28800
ignoreip = 127.0.0.1

NOTE:

  • enabled – Enables the jail.
  • port – The port (or service name) that the ban applies to.
  • filter – The built-in filter fail2ban will use.
  • logpath – The log file that fail2ban monitors for failed login attempts.
  • maxretry – The number of failed attempts allowed before an IP is blocked.
  • findtime – The time window, in seconds, within which maxretry failed login attempts must occur to trigger a ban.
  • bantime – Number of seconds an IP address is banned for.
  • ignoreip – An IP address that is to be ignored by fail2ban.

To apply these new settings, restart Fail2Ban:

sudo systemctl restart fail2ban
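
The following model of how maxretry, findtime, bantime and ignoreip interact is an added example, not part of the original page and not fail2ban's own code. The regular expression is a simplified stand-in for the sshd filter, the log lines are constructed, and the traditional syslog timestamp format is assumed.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Values from the [sshd] jail on this page.
MAXRETRY, FINDTIME, BANTIME = 3, timedelta(seconds=300), timedelta(seconds=28800)
IGNOREIP = [ip_network("127.0.0.1/32")]

# Assumption: simplified stand-in for the sshd filter (failed passwords only).
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (\S+) port"
)

def simulate(lines, year=2024):
    """Return [(ip, banned_at, unbanned_at)] for chronological auth.log lines."""
    recent, banned_until, bans = {}, {}, []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ip_address(ip) in net for net in IGNOREIP):
            continue  # ignoreip: never counted, never banned
        if ts < banned_until.get(ip, datetime.min):
            continue  # still inside an active ban
        # Count only the failures that fall inside the findtime window.
        window = [t for t in recent.get(ip, []) if ts - t <= FINDTIME] + [ts]
        recent[ip] = window
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, banned_until[ip]))
            recent[ip] = []
    return bans

# Constructed sample input (documentation addresses, not real traffic).
SAMPLE = [
    f"Mar 10 {t} host sshd[1001]: Failed password for root from {ip} port 40000 ssh2"
    for t, ip in [
        ("10:00:00", "203.0.113.5"), ("10:00:00", "198.51.100.7"),
        ("10:00:05", "127.0.0.1"), ("10:00:06", "127.0.0.1"), ("10:00:07", "127.0.0.1"),
        ("10:01:00", "203.0.113.5"), ("10:02:00", "203.0.113.5"),
        ("10:03:00", "198.51.100.7"), ("10:06:00", "198.51.100.7"),
    ]
]

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"{ip} banned {start} until {end}")
```

Only 203.0.113.5 is banned: 198.51.100.7 also fails three times, but never three times within one 300-second window, and 127.0.0.1 is covered by ignoreip.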

Restart fail2ban

sudo systemctl restart fail2ban