Ubuntu – fail2ban

Installing fail2ban is simple. Log into your Ubuntu Server and update/upgrade. Do note that should the kernel be upgraded in this process, the server will have to be rebooted (so run this at a time when a reboot is viable). To update and upgrade the server, issue the following commands:

sudo apt-get update
sudo apt-get upgrade

Once the above commands complete, reboot the server (if necessary).

Installing fail2ban can be done with a single command:

sudo apt-get install -y fail2ban

When that command finishes, fail2ban is ready to go. You’ll want to start and enable the service with the commands:

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

Configuring a jail

Next we’re going to configure a jail for SSH login attempts. In the /etc/fail2ban directory, you’ll find the jail.conf file. Do not edit this file. Instead, we’ll create a new file, jail.local, which will override any similar settings in jail.conf. Our new jail configuration will monitor /var/log/auth.log, use the fail2ban sshd filter, set the SSH port to 22, and set the maximum retry to 3. To do this, issue the command:

sudo nano /etc/fail2ban/jail.local

In this new file, paste the following contents:

enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

Save and close that file. Restart fail2ban with the command:

sudo systemctl restart fail2ban

At this point, if anyone attempts to log into your Ubuntu Server via SSH, and fails three times, they will be prevented from entry, by way of iptables blocking their IP Address.

Testing and unbanning

You can test to make sure the new jail works by failing three attempts at logging into the server, via ssh. After the third failed attempt, the connection will hang. Hit [Ctrl]+[c] to escape and then attempt to SSH back into the server. You should no longer be able to SSH into that server from the IP address you were using.

You can then unban your test IP address with the following command:

sudo fail2ban-client set sshd unbanip IP_ADDRESS

where IP_ADDRESS is the banned IP Address.

You should now be able to log back into the server with SSH.

Scratching the surface

This barely scratches the surface as to what fail2ban can do. But now you have a good idea on how to use the system. To find out more, make sure to read the man page with the command:

man fail2ban

That manual page provides a good overview of what fail2ban can do.


38 thoughts on “Ubuntu – fail2ban
  1. Greate post. Keep posting such kind of information on your
    blog. Im really impressed by it.
    Hi there, You have performed a great job. I will definitely digg it and in my view recommend
    to my friends. I’m confident they will be benefited from this website.

  2. I know this web site presents quality depending articles or reviews and additional material, is there
    any other web page which provides such stuff in quality?

  3. Its not my first time to go to see this web page, i am visiting this website
    dailly and get fastidious data from here everyday.

  4. You could definitely see your skills within the article you write.
    The arena hopes for even more passionate writers like you who are not afraid to
    mention how they believe. At all times go after your heart.

  5. Link exchange is nothing else however it is just placing
    the other person’s website link on your page at appropriate place and other person will also do same
    in favor of you.

  6. Greetings I am so happy I found your site, I really found you
    by mistake, while I was searching on Askjeeve for something
    else, Anyhow I am here now and would just like to say thanks
    a lot for a tremendous post and a all round thrilling blog
    (I also love the theme/design), I don’t have time to look over it all at the minute but I have
    saved it and also added in your RSS feeds, so when I have time I will be
    back to read more, Please do keep up the
    excellent work.

  7. Thank you for any other magnificent article. Where else may just anybody get
    that type of info in such a perfect way of
    writing? I’ve a presentation next week, and I am on the look for such information.

  8. My brother recommended I may like this website. He was once entirely right.
    This post truly made my day. You cann’t consider just how so much time I had spent for
    this info! Thanks!

  9. First off I would like to say awesome blog! I had a quick question in which I’d
    like to ask if you don’t mind. I was curious to know
    how you center yourself and clear your head prior to writing.

    I have had trouble clearing my thoughts in getting my ideas
    out there. I do enjoy writing but it just seems like the first 10 to 15 minutes are generally lost simply just trying to figure out how to
    begin. Any suggestions or tips? Thanks!

  10. Great work! That is the type of information that should be shared across the web.
    Disgrace on Google for not positioning this post higher!
    Come on over and discuss with my site . Thank you =)

  11. Public Attitudes Toward Government Spending. American Journal Of Political Science Related Literature Juvenile

    Here is my web blog: ebook

Leave a Reply

Your email address will not be published.