Ubuntu - Fail2Ban - Install Fail2Ban
Install fail2ban
sudo apt-get install fail2ban -y
Start and enable the fail2ban service
sudo systemctl enable --now fail2ban
sudo ufw allow ssh
NOTE: To allow SSH traffic into the server
Fail2ban depends on a few different files and directories, which are:
fail2ban.conf – the main configuration file.
jail.conf – a sample jail configuration.
action.d – contains various fail2ban actions configurations for things like mail and firewall.
jail.d – contains additional fail2ban jail configurations.
Create jail.local to prevent malicious SSH logins
Create the new jail.local file with:
sudo vi /etc/fail2ban/jail.local
…and populate that file:
- /etc/fail2ban/jail.local
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 300
bantime = 28800
ignoreip = 127.0.0.1
NOTE:
enabled – Enables the jail.
port – The port fail2ban will listen for.
filter – The built-in filter fail2ban will use.
logpath – The directory hosing the fail2ban log.
maxretry – The number of failed attempts allowed before an IP is blocked.
findtime – The amount of time between failed login attempts.
bantime – Number of seconds an IP address is banned for.
ignoreip – An IP address that is to be ignored by fail2ban.
Save and close the file.
Restart fail2ban
sudo systemctl restart fail2ban