Ubuntu - Fail2Ban - Install Fail2Ban
Install fail2ban
sudo apt-get install fail2ban -y
Start and enable the fail2ban service
sudo systemctl enable --now fail2ban
Configure Firewall
sudo ufw allow ssh
NOTE: This allows SSH traffic into the server.
Configure fail2ban
Fail2ban depends on a few different files and directories, which are:
- fail2ban.conf – the main configuration file.
- jail.conf – a sample jail configuration.
- action.d – contains the configurations for various fail2ban actions, such as mail and firewall.
- jail.d – contains additional fail2ban jail configurations.
Create jail.local to prevent malicious SSH logins
Create the new jail.local file with:
sudo vi /etc/fail2ban/jail.local
…and populate that file:
- /etc/fail2ban/jail.local
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 300
bantime = 28800
ignoreip = 127.0.0.1
NOTE:
- enabled – Enables the jail.
- port – The port the ban applies to (here, the ssh service port).
- filter – The built-in filter fail2ban will use.
- logpath – The path of the log file that fail2ban monitors.
- maxretry – The number of failed attempts allowed before an IP is blocked.
- findtime – The time window, in seconds, within which failed login attempts are counted towards maxretry.
- bantime – Number of seconds an IP address is banned for.
- ignoreip – An IP address that is to be ignored by fail2ban.
Save and close the file.
Restart fail2ban
sudo systemctl restart fail2ban
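How maxretry, findtime and bantime interact, shown as an added example (not part of the original page and not fail2ban's own code): a simplified Python model that applies the jail's values to constructed auth.log lines. The single regex, the simulate function and the sample hosts are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values copied from the [sshd] jail on this page.
MAXRETRY, FINDTIME, BANTIME = 3, 300, 28800
IGNOREIP = {"127.0.0.1"}

# Assumption: one simplified IPv4 pattern stands in for the real sshd filter.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port")

# Constructed sample lines in the syslog format of /var/log/auth.log.
SAMPLE_LOG = """\
Jun 30 20:00:00 web1 sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jun 30 20:00:00 web1 sshd[1002]: Failed password for admin from 198.51.100.9 port 40002 ssh2
Jun 30 20:00:30 web1 sshd[1003]: Failed password for root from 127.0.0.1 port 40003 ssh2
Jun 30 20:00:40 web1 sshd[1004]: Failed password for root from 127.0.0.1 port 40004 ssh2
Jun 30 20:00:50 web1 sshd[1005]: Failed password for root from 127.0.0.1 port 40005 ssh2
Jun 30 20:01:00 web1 sshd[1006]: Failed password for invalid user test from 203.0.113.7 port 40006 ssh2
Jun 30 20:02:00 web1 sshd[1007]: Failed password for root from 203.0.113.7 port 40007 ssh2
Jun 30 20:04:00 web1 sshd[1008]: Failed password for admin from 198.51.100.9 port 40008 ssh2
Jun 30 20:06:00 web1 sshd[1009]: Failed password for admin from 198.51.100.9 port 40009 ssh2
"""

def simulate(log_text, year=2022):
    """Return (ip, banned_at, banned_until) for each ban the jail would issue."""
    recent, banned_until, bans = defaultdict(deque), {}, []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m.group(2) in IGNOREIP:
            continue                      # not a failure, or an ignoreip address
        ip = m.group(2)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")  # syslog has no year
        if ip in banned_until and ts < banned_until[ip]:
            continue                      # still banned: traffic is already dropped
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()              # failure is older than findtime
        if len(window) >= MAXRETRY:       # model: ban on the failure that reaches maxretry
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, at, until in simulate(SAMPLE_LOG):
        print(f"{ip} banned at {at} until {until}")
```

In the sample, 198.51.100.9 also fails three times but is not banned, because its first failure falls outside the 300-second findtime window by the time the third arrives.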
ubuntu/fail2ban/install_fail2ban.txt · Last modified: 2022/06/30 20:34 by 45.89.242.239