This guide explains how to install Fail2ban on Ubuntu 22.04. A strong intrusion prevention software architecture called Fail2Ban protects against SSH brute-force attacks. It is an important tool for server toughening and was created in Python. In order to avoid harmful IP addresses for a predetermined amount of time, Fail2Ban automatically modifies your iptables firewall configuration through the creation of rules.
Fail2Ban is an open-source program that can be used on POSIX systems with a local packet-control system or firewall, such as TCP Wrapper or iptables. It is free of cost. It improves defenses against a range of cyber threats, such as botnet assaults, DDoS attacks, and brute-force attacks.
Now let us begin the installation process:
1. To update the server, execute the following command:
apt update && apt upgrade -y
2. Install Fail2ban:
Perform the subsequent command to install Fail2ban:
apt install fail2ban -y
Since some of its default settings can have unintended consequences, the Fail2ban service is disabled by default.
Configuring Fail2ban
In order to set up Fail2ban, we must first copy the jail.conf configuration file, save it as jail.local, and change the jail.local file name. By doing this, we can attempt to test the cloned file while keeping the original configuration file safe. Run the following command to complete this task:
cp /etc/fail2ban/jail.{conf,local}
Use your favorite editor to make modifications to the copied file now.
vi /etc/fail2ban/jail.local
Individual Jail Settings
Each service can configured separately. Section headers like [sshd] define those. It is necessary to enable each of these parts separately by including an “enabled = true” line beneath the header along with the other options.
[jail_to_enable]
. . .
enabled = true
. . .
Locate [sshd] in the jail.local file, then add enabled = true below [sshd] to enable the SSH service.
Save the file after adding it, then close it.
3. Launch and activate Fail2ban:
Now, let us start and enable Fail2ban service using following commands:
systemctl start fail2ban
systemctl enable fail2ban
Use the following solution if, after running the start command, you receive an error:
Open the configuration file for Fail2ban:
nano /etc/fail2ban/jail.local
Look up “backend” and replace “systemd” with the backend value:
backend = systemd
Restart Fail2ban service:
systemctl restart fail2ban
Verify the Fail2ban service’s status:
systemctl status fail2ban
We are able to verify the services are operational:
fail2ban-client status
Output:
Status
|- Number of jail: 1
`- Jail list: sshd
We can also look up specific jail information:
fail2ban-client status sshd
You have the ability to change a number of variables based on your needs.
Here are a few of the parameters we have listed:
1. bantime
The bantime parameter determines how long an IP address will banned after exceeding the allowed number of failed login attempts. By default, this set to 10 minutes.
bantime = 1d
2. findtime
The findtime parameter specifies the time window during which consecutive failed login attempts are tracked. If multiple failed attempts occur within this period, the IP may banned.
findtime = 10m
3. maxretry
The maxretry parameter sets the maximum number of failed login attempts allowed within the findtime window. If this limit exceeded, the IP address will banned.
maxretry = 5
4. ignoreip
The ignoreip parameter is used to whitelist specific IP addresses, exempting them from being banned. To add an IP to this list, modify the ignoreip line by including the IP addresses you want to exempt:
ignoreip = 127.0.0.1/8 ::1 222.222.222.222 192.168.0.0/24
You should now be able to set up and install fail2ban and give the server an additional degree of protection. However, if you face any difficulty, feel free to contact our support staff.
Also, read more about How to Install Python 3 on Ubuntu 20.04 or 22.04.