How to Install and Configure Fail2ban on Ubuntu 16.04

 

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. It continuously monitors the log files and blocks the IPs that show malicious signs, such as too many login errors or seeking for exploits.

You may refer to the following KB to install the Fail2Ban service on a CentOS server. https://www.interserver.net/tips/kb/how-to-install-fail2ban-on-centos/

 

Installation

Let’s see how to install and configure Fail2Ban service on Ubuntu 16.04.

1) Run the following commands to install the program.

apt-get update

apt-get install fail2ban -y

2) Once the installation has been completed, restart the service.

service fail2ban restart

3) Check fail2ban status

service fail2ban status

The output will show active (running) which indicates the service is up and running.

 

Configure Fail2Ban

The local configuration file (/etc/fail2ban/jail.local) doesn’t exist on the server by default, so we need to create it.

1) Run the following command to create the configuration file.

touch /etc/fail2ban/jail.local

2) Now open the created configuration file with the vi or nano editor.

vi /etc/fail2ban/jail.local

3) Then add the following contents to the configuration file.

[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
bantime = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true

 

Let’s discuss the options.

ignoreip = 127.0.0.1/8 ::1 (under [DEFAULT]): This tells Fail2ban to ignore the IP addresses 127.0.0.1 and ::1, so they are never banned. These are the IPv4 and IPv6 addresses for localhost, respectively.

bantime = 3600: It’s very important to understand that Fail2ban reads time values in the configuration file as seconds. These rules ban an IP address for one hour (bantime = 3600) if it makes 5 mistakes (maxretry = 5) within 10 minutes (findtime = 600).

[sshd] enabled = true: This enables the jail for SSH.
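To see how bantime, findtime, maxretry and ignoreip interact, the following added example (not part of the original article and not Fail2ban's own code) models the counting window in Python over constructed sshd log lines. The regular expression, the function names and the sample addresses are assumptions made for illustration; Fail2ban's real sshd filter matches many more message types.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the jail.local shown above
IGNOREIP = ["127.0.0.1/8", "::1"]
BANTIME, FINDTIME, MAXRETRY = 3600, 600, 5

# Simplified failure pattern (assumption, far narrower than the real sshd filter)
FAILURE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def ignored(ip):
    """True if ip falls inside any ignoreip entry (single address or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in IGNOREIP)

def simulate(lines, year=2024):
    """Return [(ip, ban_start, ban_end)] for the given log lines."""
    recent = defaultdict(deque)   # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for entry in lines:
        m = FAILURE.match(entry)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ignored(ip) or banned_until.get(ip, ts) > ts:
            continue              # whitelisted, or still serving a ban
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()      # failure is older than findtime, forget it
        if len(window) >= MAXRETRY:
            end = ts + timedelta(seconds=BANTIME)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            window.clear()
    return bans

def line(clock, ip):
    return f"Mar 10 {clock} host sshd[1001]: Failed password for root from {ip} port 40001 ssh2"

# Constructed sample input (documentation address ranges, not real traffic)
SAMPLE = ([line(f"10:0{i}:00", "203.0.113.7") for i in range(5)]          # 5 failures in 4 min
          + [line(f"11:{i * 5:02d}:00", "198.51.100.9") for i in range(5)]  # 5 failures in 20 min
          + [line(f"12:00:0{i}", "127.0.0.1") for i in range(6)])          # covered by ignoreip

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"{ip} banned from {start} until {end}")
```

Only the first address is banned: the second never has 5 failures inside one 10-minute window, and the loopback address is skipped because of ignoreip.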

 

4) Once it is completed, restart the fail2ban service.

service fail2ban restart

5) Also double-check that fail2ban is running after the restart.

service fail2ban status

 

If you need any further help, please do reach our support department.

 
