How to Install and Configure Fail2ban on Ubuntu 20.04

In this article, we will explain how to install Fail2ban on Ubuntu 20.04. Fail2ban is an open-source tool that helps protect your server from cyber-attacks. It detects brute-force and other automated attacks by scanning your log files for the offending IP addresses.

When an attacker's IP address is found, it is banned for a specific length of time. You will learn how to install Fail2ban on Ubuntu 20.04 in a few easy steps. The installation will take no more than 5 minutes. So, let's get started!

Prerequisites

  • Fresh install of Ubuntu 20.04
  • User privileges: root or non-root user with sudo privileges

As always, first log in to your VPS via SSH:

ssh user@hostname

Step 1. Fail2ban installation

Fail2ban is available in the default Ubuntu 20.04 repositories, so you only need to update the Apt cache and install the fail2ban package.

$ sudo apt update

$ sudo apt install fail2ban

Fail2ban starts automatically after the installation. Verify this by running:

$ sudo systemctl status fail2ban

Step 2. Fail2ban Configuration

You can find the Fail2ban configuration files in the /etc/fail2ban directory.
Before you start editing the default settings, first you will need to make a copy of the /etc/fail2ban/jail.conf file.

$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Then open the jail.local file using your text editor of choice.

$ sudo nano /etc/fail2ban/jail.local

The ignoreip directive excludes IP addresses, subnets or IP ranges from being banned. To use it, remove the comment marker from the ignoreip line and append the addresses you want to exclude, separated by spaces.

For example, to exclude the IP addresses 10.10.10.5 and 10.10.10.80 from being banned, add them at the end of the line with a space between them.

ignoreip = 127.0.0.1/8 ::1 10.10.10.5 10.10.10.80

The ban settings are controlled by the parameters bantime, findtime and maxretry.

bantime is the duration of the ban for banned IP addresses. By default, the value is 10 minutes, but it can also be set to a number of days. Using negative values for bantime makes the ban duration permanent.

findtime is the time window within which the failed attempts must occur for an IP to be banned.

maxretry defines the number of failed login attempts that must occur within the findtime window for the IP to be banned.
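To see how ignoreip, findtime, maxretry and bantime interact, here is an added example (a simplified model written for this article, not Fail2ban's own code) that replays constructed auth.log-style lines through the same rules. The findtime and maxretry values, the host name, the year and the documentation IP addresses are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified model for illustration; this is not Fail2ban's own code.
IGNOREIP = ["127.0.0.1/8", "::1", "10.10.10.5", "10.10.10.80"]  # the article's ignoreip line

# Constructed sample lines in the style of /var/log/auth.log (documentation IPs).
SAMPLE_LOG = """\
Mar 10 09:00:00 web1 sshd[2101]: Failed password for root from 198.51.100.20 port 40022 ssh2
Mar 10 09:00:01 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 09:00:05 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar 10 09:00:09 web1 sshd[2104]: Failed password for root from 203.0.113.7 port 51246 ssh2
Mar 10 09:01:00 web1 sshd[2105]: Failed password for deploy from 10.10.10.5 port 50000 ssh2
Mar 10 09:01:02 web1 sshd[2106]: Failed password for deploy from 10.10.10.5 port 50001 ssh2
Mar 10 09:01:04 web1 sshd[2107]: Failed password for deploy from 10.10.10.5 port 50002 ssh2
Mar 10 09:08:00 web1 sshd[2108]: Failed password for root from 198.51.100.20 port 40030 ssh2
Mar 10 09:15:00 web1 sshd[2109]: Failed password for root from 198.51.100.20 port 40041 ssh2
"""
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .+ from (\S+) port")

def is_ignored(ip):
    """True if ip falls inside any ignoreip entry (single address or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in IGNOREIP)

def simulate(log_text, findtime=600, maxretry=3, bantime=600, year=2024):
    """Return (ip, ban_start, ban_end) tuples; ban_end is None for a permanent ban."""
    recent = defaultdict(deque)  # ip -> failure times still inside the findtime window
    banned_until, bans = {}, []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or is_ignored(m.group(2)):
            continue
        ip = m.group(2)
        # Syslog timestamps carry no year, so an assumed one is prepended.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if ip in banned_until and (banned_until[ip] is None or when < banned_until[ip]):
            continue  # already banned: the firewall would have dropped this attempt
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            end = None if bantime < 0 else when + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, f"{when:%H:%M:%S}", end and f"{end:%H:%M:%S}"))
            window.clear()
    return bans
```

With these values only 203.0.113.7 is banned: 10.10.10.5 is covered by ignoreip, and the three failures from 198.51.100.20 are spread over 15 minutes, so they never all fall inside one findtime window.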

Step 3. Email notifications

If you have an SMTP server installed and configured, you can also enable email notifications to get alerts when an IP has been banned.
To do that, set the global parameter destemail to the email address where you want to receive the alerts and add the line below.

action = %(action_mw)s

This will send you emails about the banned IPs together with a detailed whois report.

Step 4. Fail2ban jails

Fail2ban uses jails to apply rules to a given application or log file. A jail is basically a service definition that includes filters and actions: the log entries are checked, and if they match a predefined condition, the offending IPs are banned.

The sshd jail is enabled by default and you can find it at the top of the jails list.

[sshd]

# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode   = normal
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s

Each time you change the configuration file, restart the service for the changes to take effect.

$ sudo systemctl restart fail2ban

To enable some other jails, you will need to add enabled = true under the service name of the jail. You can also create your own jails for other services or log files.

Step 5. Fail2ban client

Fail2ban comes with a command-line tool, fail2ban-client, which can be used to run commands that interact with the fail2ban service. You can use the tool to check the jail status, ban or unban IP addresses, and change other settings.

To check the jail status, use the following command:

$ sudo fail2ban-client status sshd

To ban an IP, use the command:

$ sudo fail2ban-client set sshd banip 61.52.43.34

To unban an IP, use the following command:

$ sudo fail2ban-client set sshd unbanip 61.52.43.34

Congratulations! You have successfully installed and configured Fail2ban on Ubuntu 20.04.

Of course, you don’t need to install and configure Fail2ban on Ubuntu 20.04 yourself if you use one of our Linux VPS Hosting services and have additional IP addresses. In which case you can simply ask our expert Linux admins to configure and set this up for you. They are available 24×7 and will take care of your request immediately.
