====== Ubuntu - Fail2Ban - Install Fail2Ban ======

===== Install fail2ban =====

  sudo apt-get install fail2ban -y

----

===== Start and enable the fail2ban service =====

  sudo systemctl enable --now fail2ban

----

===== Configure Firewall =====

  sudo ufw allow ssh

**NOTE:** This allows SSH traffic into the server.

----

===== Configure fail2ban =====

Fail2ban depends on a few different files and directories, which are:

  * **fail2ban.conf** – the main configuration file.
  * **jail.conf** – a sample jail configuration.
  * **action.d** – contains various fail2ban action configurations for things like mail and firewall.
  * **jail.d** – contains additional fail2ban jail configurations.

----

===== Create jail.local to prevent malicious SSH logins =====

Create the new **jail.local** file with:

  sudo vi /etc/fail2ban/jail.local

...and populate that file:

  [sshd]
  enabled = true
  port = ssh
  filter = sshd
  logpath = /var/log/auth.log
  maxretry = 3
  findtime = 300
  bantime = 28800
  ignoreip = 127.0.0.1

**NOTE:**

  * **enabled** – Enables the jail.
  * **port** – The port the jail protects; a banned IP is blocked on this port.
  * **filter** – The built-in filter fail2ban will use.
  * **logpath** – The log file fail2ban monitors for failed logins.
  * **maxretry** – The number of failed attempts allowed before an IP is blocked.
  * **findtime** – The time window, in seconds, within which the failed login attempts must occur to count towards **maxretry**.
  * **bantime** – Number of seconds an IP address is banned for.
  * **ignoreip** – An IP address that is to be ignored by fail2ban.

----

Save and close the file.

----

===== Restart fail2ban =====

  sudo systemctl restart fail2ban

----
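The following added example (not part of the original page, and not fail2ban's own code) models how the **maxretry**, **findtime**, **bantime** and **ignoreip** values from the [sshd] jail above interact. The regex is a simplified stand-in for the built-in sshd filter, the log lines are constructed, and the name ''simulate'' and its ''year'' default are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values copied from the [sshd] jail in jail.local.
MAXRETRY, FINDTIME, BANTIME = 3, 300, 28800
IGNOREIP = {"127.0.0.1"}

# Simplified stand-in for the sshd filter (assumption: matches one message form only).
FAILURE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample auth.log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
Mar  3 10:00:00 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar  3 10:00:05 host sshd[1002]: Failed password for invalid user test from 198.51.100.20 port 40100 ssh2
Mar  3 10:00:10 host sshd[1003]: Failed password for root from 127.0.0.1 port 40200 ssh2
Mar  3 10:00:20 host sshd[1004]: Failed password for root from 127.0.0.1 port 40201 ssh2
Mar  3 10:00:30 host sshd[1005]: Failed password for root from 127.0.0.1 port 40202 ssh2
Mar  3 10:01:30 host sshd[1006]: Failed password for root from 203.0.113.7 port 40002 ssh2
Mar  3 10:03:00 host sshd[1007]: Failed password for invalid user test from 198.51.100.20 port 40101 ssh2
Mar  3 10:04:00 host sshd[1008]: Failed password for root from 203.0.113.7 port 40003 ssh2
Mar  3 10:06:00 host sshd[1009]: Failed password for invalid user test from 198.51.100.20 port 40102 ssh2
Mar  3 10:07:00 host sshd[1010]: Accepted password for alice from 192.0.2.10 port 40300 ssh2
"""

def simulate(log_text, year=2024):
    """Return {ip: (ban_start, ban_end)} for failures reaching MAXRETRY within FINDTIME."""
    failures, bans = defaultdict(deque), {}
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m or m.group(2) in IGNOREIP:  # ignoreip addresses are never counted
            continue
        ip = m.group(2)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if ip in bans and ts < bans[ip][1]:  # ban still active
            continue
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:  # drop failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + timedelta(seconds=BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE_LOG).items():
        print(f"{ip} banned {start} -> {end}")
```

In the sample, 203.0.113.7 is banned for eight hours after three failures in four minutes, while 198.51.100.20 makes three attempts spaced about three minutes apart and never has three inside one 300-second window, so it is not banned.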