Fail2ban is intrusion prevention software that protects servers from brute-force attacks. It runs on POSIX systems that have an interface to a packet-control system or a locally installed firewall.
In this tutorial, we will learn how to install Fail2ban on Ubuntu 22.04.
Fail2ban works by scanning log files such as /var/log/auth.log and banning IP addresses that make too many failed login attempts. It updates the firewall rules to block all the IPs that keep trying to log in with the wrong credentials.
Install Fail2ban on Ubuntu 22.04
Fail2ban most probably comes preinstalled on your server, but if it is not there, you can install it using the following steps.
1. Update system repositories.
To bring the system's repositories up to date, use the following command.
$ sudo apt update && sudo apt upgrade -y
2. Install Fail2ban
After the updates are complete, we can go ahead and install fail2ban. Use the following command to do so.
sudo apt install fail2ban
You should see the following in your terminal:
#output
The following additional packages will be installed:
python3-pyinotify whois
Suggested packages:
mailx monit sqlite3 python-pyinotify-doc
The following NEW packages will be installed:
fail2ban python3-pyinotify whois
0 upgraded, 3 newly installed, 0 to remove and 182 not upgraded.
Need to get 473 kB of archives.
After this operation, 2,486 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
3. Configuring Fail2ban
To configure Fail2ban, we can edit two files: fail2ban.local and jail.local.
Fail2ban's configuration resides in the fail2ban.conf file, and you are advised not to modify it. Instead, copy the contents of fail2ban.conf into a new file called fail2ban.local, which you can then edit. To do so, use the following command.
sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
Now open the fail2ban.local file in a text editor.
sudo nano /etc/fail2ban/fail2ban.local
You don't have to change anything here for now, but whenever you need to make a change, always make it in the .local file.
The jail.local file has configuration options such as:
ignoreip: where you can set a range of IPs to be ignored.
bantime: used to set the amount of time an IP address is banned from accessing the server. It is 600 seconds.
maxretry: used to set the number of failures before an IP address is banned. It is 5 trials.
findtime: used to set the time window within which a host must not use up the maxretry number of failures if it is to avoid being banned (generally set to 10 minutes).
backend: allows you to set the backend configuration for file modifications. The default is always auto.
To create a jail.local file, use the following command.
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now you can open it in your favorite text editor with the following command.
sudo nano /etc/fail2ban/jail.local
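How ignoreip, bantime, maxretry and findtime interact is easier to see on real log lines. The following is an added example, not Fail2ban's own code and not part of the original tutorial: a simplified model of the ban decision run over constructed auth.log lines. The addresses (documentation ranges), the ignoreip ranges, and the year 2022 (auth.log timestamps carry no year) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values the tutorial quotes; the IGNOREIP ranges are constructed for this example.
BANTIME, FINDTIME, MAXRETRY = timedelta(seconds=600), timedelta(minutes=10), 5
IGNOREIP = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
FAILED = re.compile(r"^(\w{3})\s+(\d+)\s+([\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from ([\da-fA-F.:]+) port")

def fail_line(clock, ip):  # constructed line in the traditional auth.log layout
    return f"Jul  2 {clock} zx-pc sshd[1001]: Failed password for root from {ip} port 40001 ssh2"

# Constructed sample: a fast guesser, a slow guesser, an ignored host, one success.
SAMPLE_LOG = sorted(
    [fail_line(c, "203.0.113.7") for c in ("11:00:00", "11:00:30", "11:01:00", "11:01:30", "11:02:00")]
    + [fail_line(f"11:{m:02d}:00", "198.51.100.9") for m in (0, 4, 8, 12, 16)]
    + [fail_line(f"11:00:0{s}", "192.0.2.10") for s in range(6)]
    + ["Jul  2 11:03:00 zx-pc sshd[1002]: Accepted password for admin from 198.51.100.9 port 40002 ssh2"]
)

def parse(line, year=2022):
    """Return (timestamp, ip) for a failed-login line, else None; the year is assumed."""
    if not (m := FAILED.match(line)):
        return None
    mon, day, clock, ip = m.groups()
    try:
        return datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S"), ipaddress.ip_address(ip)
    except ValueError:
        return None

def find_bans(lines):
    """Return {ip: (banned_at, unbanned_at)}, keeping the latest ban per address."""
    recent, bans = defaultdict(deque), {}
    for when, ip in filter(None, map(parse, lines)):
        if any(ip in net for net in IGNOREIP):
            continue                  # ignoreip: never counted, never banned
        window = recent[ip]
        window.append(when)
        while when - window[0] > FINDTIME:
            window.popleft()          # forget failures older than findtime
        if len(window) >= MAXRETRY:   # maxretry failures inside findtime
            bans[str(ip)] = (when, when + BANTIME)
            window.clear()
    return bans

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```

Only 203.0.113.7 is banned: 198.51.100.9 also fails five times, but never five times inside one 10-minute window, and 192.0.2.10 falls inside an ignored range.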
After making your configuration changes, remember to restart the fail2ban service. I haven't started the service yet, so let's start the fail2ban service.
$ sudo systemctl start fail2ban
$ sudo systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; disabled; vendor pre>
Active: active (running) since Sat 2022-07-02 11:16:49 EAT; 9s ago
Docs: man:fail2ban(1)
Main PID: 27843 (fail2ban-server)
Tasks: 5 (limit: 9355)
Memory: 11.9M
CPU: 123ms
CGroup: /system.slice/fail2ban.service
└─27843 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Jul 02 11:16:49 zx-pc systemd[1]: Started Fail2Ban Service.
Jul 02 11:16:50 zx-pc fail2ban-server[27843]: Server ready
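Fail2ban is now running, and you can make your desired configurations. Note that the status output above lists the unit as disabled, which means it will not start automatically at boot until it is enabled.
To check the version of Fail2ban installed, use the following command.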
fail2ban-client version
0.11.2
Conclusion
Congratulations, you have successfully installed Fail2ban. For more information, consult the Fail2ban documentation.