How to install and configure Fail2ban Ubuntu Cloud Servers

2021-04-19 By Mark 57 Views linux fail2ban
0 reviews

Fail2ban is a tool that monitors login activity on your server and helps protect your Linux machine from brute-force and other automated attacks. By default, it will block IP addresses for 10 minutes before removing them and it has filters to monitor Apache, SSH, and other programs for suspicious activity.


This guide will describe the installation and basic configuration in Ubuntu systems.


  1. Run the below command ensure that the server is up to date.

    # apt update && apt upgrade
    

    fail2ban1

  2. To install fail2ban, run the below command.

    # apt-get install fail2ban
    

    fail2ban2

  3. Once the installation completed, verify and check the status from the below command.

    # systemctl status fail2ban
    

    fail2ban3

  4. The default configuration file is /etc/fail2ban/jail.conf and the easiest way to configure Fail2ban is to copy the jail.conf to jail.local and modify the .local file. So make a copy with the below command to avoid possible conflict.

    # cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
    

    fail2ban4

  5. Once the copy taken, then start to edit the file by using the below command.

    # vi /etc/fail2ban/jail.local
    
  • ignoreip can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban will not ban a host which matches an address in this list. Several addresses can be defined using space (and/or comma) separator.

    fail2ban5


    The values of the bantime, findtime, and maxretry options those shown in the below image are define the ban time and ban conditions.

  • bantime is the number of seconds that a host is banned.

  • findtime A host is banned if it has generated "maxretry" during the last "findtime".
  • maxretry is the number of failures before a host get banned.

    fail2ban6


    From the destemail and sender options, you can adjust the sending and receiving email addresses.

    fail2ban7

  1. Once you have made any changes in configuration file, then restart Fail2ban service with the below command.

    # service fail2ban restart
    

    fail2ban188

What do you think about this article?

Rate this article