User Tools

Site Tools


ubuntu:fail2ban:install_fail2ban

Ubuntu - Fail2Ban - Install Fail2Ban

Install fail2ban

sudo apt-get install fail2ban -y

Start and enable the fail2ban service

sudo systemctl enable --now fail2ban

Configure Firewall

sudo ufw allow ssh

NOTE: To allow SSH traffic into the server


Configure fail2ban

Fail2ban depends on a few different files and directories, which are:

  • fail2ban.conf – the main configuration file.
  • jail.conf – a sample jail configuration.
  • action.d – contains various fail2ban actions configurations for things like mail and firewall.
  • jail.d – contains additional fail2ban jail configurations.

Create jail.local to prevent malicious SSH logins

Create the new jail.local file with:

sudo vi /etc/fail2ban/jail.local

…and populate that file:

/etc/fail2ban/jail.local
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 300
bantime = 28800
ignoreip = 127.0.0.1

NOTE:

  • enabled – Enables the jail.
  • port – The port fail2ban will listen for.
  • filter – The built-in filter fail2ban will use.
  • logpath – The directory hosing the fail2ban log.
  • maxretry – The number of failed attempts allowed before an IP is blocked.
  • findtime – The amount of time between failed login attempts.
  • bantime – Number of seconds an IP address is banned for.
  • ignoreip – An IP address that is to be ignored by fail2ban.

Save and close the file.


Restart fail2ban

sudo systemctl restart fail2ban

ubuntu/fail2ban/install_fail2ban.txt · Last modified: 2022/06/30 21:34 by 45.89.242.239

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki