February 2, 2019

Installing Fail2ban Ubuntu 18.04

Ensure your system is up to date:

sudo apt-get update && sudo apt-get upgrade -y

Install Fail2ban:

sudo apt-get install fail2ban

Once installed, copy the default jail.conf file to make a local configuration with this
command.

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Then open the new local configuration file for editing with your favourite text editor, for example nano or vi:

sudo nano /etc/fail2ban/jail.local

Scroll down to go through some of the settings available in the configuration file.

[DEFAULT]
ignoreip = 127.0.0.1
bantime = 3600
findtime = 600
maxretry = 3
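
How these four values interact is easiest to see on a log. The following is an added example, not part of the original post and not Fail2ban's own code: a simplified model of the ban decision (exact-match ignoreip, one jail) run over constructed sshd log lines; the function name simulate and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [DEFAULT] section shown above.
IGNOREIP = {"127.0.0.1"}
BANTIME, FINDTIME, MAXRETRY = 3600, 600, 3  # seconds, seconds, failures

# Constructed sample lines in sshd auth.log style (documentation addresses).
SAMPLE_LOG = """\
Feb  2 10:00:00 host sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
Feb  2 10:00:05 host sshd[812]: Failed password for invalid user admin from 198.51.100.9 port 5122 ssh2
Feb  2 10:04:00 host sshd[813]: Failed password for root from 203.0.113.7 port 40031 ssh2
Feb  2 10:09:30 host sshd[814]: Failed password for root from 203.0.113.7 port 40040 ssh2
Feb  2 10:15:00 host sshd[815]: Failed password for invalid user admin from 198.51.100.9 port 5130 ssh2
Feb  2 10:15:10 host sshd[816]: Failed password for invalid user test from 198.51.100.9 port 5131 ssh2
Feb  2 10:20:00 host sshd[817]: Failed password for root from 127.0.0.1 port 2200 ssh2
Feb  2 10:20:01 host sshd[818]: Failed password for root from 127.0.0.1 port 2201 ssh2
Feb  2 10:20:02 host sshd[819]: Failed password for root from 127.0.0.1 port 2202 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")
def simulate(log, year=2019):
    """Return {ip: (banned_at, unbanned_at)} under a simplified fail2ban model."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside findtime
    bans = {}
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        stamp, ip = m.groups()    # syslog timestamps carry no year, so one is supplied
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if ip in IGNOREIP:
            continue              # ignoreip: never counted, never banned
        if ip in bans and when < bans[ip][1]:
            continue              # ban still active; nothing new to count
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > FINDTIME:
            window.popleft()      # forget failures older than findtime
        if len(window) >= MAXRETRY:
            bans[ip] = (when, when + timedelta(seconds=BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE_LOG).items():
        print(f"{ip} banned {start:%H:%M:%S} until {end:%H:%M:%S}")
```

Only 203.0.113.7 is banned: 198.51.100.9 also fails three times, but its first failure is more than findtime older than its third, and the 127.0.0.1 failures are skipped because of ignoreip.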

If you have a sendmail service configured on your cloud server, you can enable email notifications from Fail2ban by setting the destemail parameter to your email address and changing action = %(action_)s to action = %(action_mw)s.

SSH jail settings, which you can find at the top of the jails list, are enabled by default.

[sshd]
enabled = true

You can enable any other jail modules in the same fashion by setting
the enabled parameter to true.

When you’ve enabled all the jails you wish, save the configuration file and exit the editor.
Then you’ll need to restart the monitor with the following command:

sudo service fail2ban restart

Banned IP addresses appear in the chain belonging to the jail where the failed login
attempts occurred. You can also manually ban and unban IP addresses for the services you
defined jails for with the following commands.

sudo fail2ban-client set <jail> banip/unbanip <ip-address>
# For example
sudo fail2ban-client set sshd unbanip 31.13.92.36

Fail2ban is a handy addition to iptables and firewall access control in general. Feel free to experiment with the configuration, and don’t worry if you get your own IP address banned.

For additional information about fail2ban-client commands, see the Fail2ban
wiki.
