⚠️ Introduction
Fail2Ban is an excellent tool for protecting your server from brute-force login attempts, DoS (Denial of Service) attacks, and other malicious activities. This guide will walk you through the steps to install and configure Fail2Ban on Ubuntu.
🔧 Installation
To install Fail2Ban, run the following command:
sudo apt update && sudo apt install fail2ban
⚙️ Configuration
1. Edit the Fail2Ban configuration file
sudo nano /etc/fail2ban/jail.conf
2. Configure the loglevel and maxretry settings:
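[DEFAULT]
# loglevel is a server setting that Fail2Ban reads from /etc/fail2ban/fail2ban.conf;
# it is ignored in jail.conf, so set it in that file instead
loglevel = INFO
# Number of failures within findtime before a host is banned
maxretry = 3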
3. Add filters for common services (e.g., SSH, Apache):
sudo nano /etc/fail2ban/filter.d/ssh.conf
# Configure the filter for SSH login attempts
[Definition]
# Option: failregex
# Value: REGEX to match the password failures. It is matched against the part
#        of the log line after the timestamp, and the <HOST> tag (upper case)
#        marks the address that Fail2Ban bans.
# Format: <hostname> sshd[<pid>]: Failed password for <user> from <HOST> port <port> ssh2
failregex = ^\s*\S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from <HOST> port \d+ ssh2$
4. Add jail definitions for common services:
sudo nano /etc/fail2ban/jail.d/ssh.conf
[sshd]
enabled = true
port = ssh
# "sshd" is the filter shipped with Fail2Ban (/etc/fail2ban/filter.d/sshd.conf);
# use "filter = ssh" to select the custom filter from step 3 instead
filter = sshd
logpath = /var/log/auth.log
# bantime, findtime and maxretry are jail options, so they are set here rather than in the filter
# Option: bantime
# Value: Time in seconds, or a string with time units (e.g. "1m", "2h")
bantime = 3600
# Option: findtime
# Value: Time in seconds, or a string with time units (e.g. "1m", "2h")
findtime = 600
# Option: maxretry
# Value: Number of failed login attempts allowed before ban
maxretry = 3
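How a failregex, findtime and maxretry combine into a ban decision, as an added example (not part of the original guide and not Fail2Ban's own code). It assumes standard OpenSSH "Failed password" lines; `HOST_RE` is a simplified IPv4-only stand-in for the `<HOST>` tag, and the log lines, function names and the year are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified IPv4-only stand-in for Fail2Ban's <HOST> tag (assumption: the real
# expansion also covers IPv6 and host names).
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Anchored pattern for OpenSSH "Failed password" lines, timestamp excluded.
FAILREGEX = (r"^\s*\S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+"
             r" from <HOST> port \d+ ssh2$")
FINDTIME, MAXRETRY = 600, 3  # values from the guide's configuration

# Constructed auth.log sample (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Mar 10 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 50112 ssh2
Mar 10 10:00:09 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50113 ssh2
Mar 10 10:01:30 web1 sshd[815]: Accepted password for deploy from 198.51.100.4 port 40022 ssh2
Mar 10 10:02:00 web1 sshd[820]: Failed password for deploy from 198.51.100.9 port 41000 ssh2
Mar 10 10:03:15 web1 sshd[811]: Failed password for root from 203.0.113.7 port 50114 ssh2
Mar 10 10:20:00 web1 sshd[830]: Failed password for deploy from 198.51.100.9 port 41001 ssh2
Mar 10 10:40:00 web1 sshd[840]: Failed password for deploy from 198.51.100.9 port 41002 ssh2
"""

def compile_failregex(pattern):
    """Substitute the <HOST> tag and compile; reject patterns that lack it."""
    if "<HOST>" not in pattern:
        raise ValueError("failregex has no <HOST> tag, so no address can be banned")
    return re.compile(pattern.replace("<HOST>", HOST_RE))

def find_bans(log_text, pattern=FAILREGEX, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return {ip: ban time} for hosts reaching maxretry failures within findtime."""
    regex = compile_failregex(pattern)
    failures, bans = defaultdict(deque), {}
    for line in log_text.splitlines():
        stamp, rest = line[:15], line[15:]  # syslog timestamp, then the message
        match = regex.search(rest)
        if not match:
            continue
        host = match.group("host")
        # Syslog timestamps carry no year; 2024 is an arbitrary constructed value.
        when = datetime.strptime("2024 " + stamp, "%Y %b %d %H:%M:%S")
        seen = failures[host]
        seen.append(when)
        # Drop failures that have aged out of the findtime window.
        while (when - seen[0]).total_seconds() > findtime:
            seen.popleft()
        if len(seen) >= maxretry and host not in bans:
            bans[host] = when
    return bans
```

On a live system, `fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/ssh.conf` runs the real filter against the real log and reports how many lines matched.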
🔧 Restarting Fail2Ban
sudo systemctl restart fail2ban
📝 Checking Status and Banned IP Addresses
sudo fail2ban-client status
sudo fail2ban-client get sshd banip
🔑 Conclusion
You have successfully set up Fail2Ban on Ubuntu. Remember to monitor the logs and adjust your configuration as needed.