How to install Fail2ban on Ubuntu 22.04

Fail2ban is intrusion prevention software that protects servers from brute-force attacks. It can run on POSIX systems that have an interface to a packet-control system or a locally installed firewall.

In this tutorial, we will learn how to install Fail2ban on Ubuntu 22.04.

Fail2ban works by scanning log files such as /var/log/auth.log and banning IP addresses that make too many failed login attempts. It updates the firewall rules to block the IPs that keep trying to log in with the wrong credentials.

Install Fail2ban on Ubuntu 22.04

Fail2ban most probably comes preinstalled on your server, but if it is not there, you can install it using the following steps.

1. Update system repositories.

To bring our system's repositories up to date, use the following command.

$ sudo apt update && sudo apt upgrade -y

2. Install Fail2ban

After the updates are complete, we can go ahead and install fail2ban. Use the following command to do so.

sudo apt install fail2ban

You should see the following in your terminal:

#output
The following additional packages will be installed:
  python3-pyinotify whois
Suggested packages:
  mailx monit sqlite3 python-pyinotify-doc
The following NEW packages will be installed:
  fail2ban python3-pyinotify whois
0 upgraded, 3 newly installed, 0 to remove and 182 not upgraded.
Need to get 473 kB of archives.
After this operation, 2,486 kB of additional disk space will be used.
Do you want to continue? [Y/n] y

3. Configuring Fail2ban

To configure Fail2ban, we can edit two files: fail2ban.local and jail.local.

Fail2ban's configuration resides in the fail2ban.conf file, and you are advised not to modify it. Instead, copy the contents of fail2ban.conf into a new file called fail2ban.local, which you can then edit. To do so, use the following command.

sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local

Now we need to open the fail2ban.local file in a text editor.

sudo nano /etc/fail2ban/fail2ban.local

You don't have to change anything here for now, but whenever you need to make a change, always do it in the .local file.

The jail.local file has configuration options such as ignoreip, where you can set a range of IPs to be ignored.

bantime sets the amount of time an IP address is banned from accessing the server. It is set to 600 seconds.

maxretry sets the number of failures before an IP address is banned. It is set to 5 attempts.

findtime sets the time window within which a host must not use up the maxretry number of failures if it is to avoid being banned (generally set to 10 minutes).

backend sets the backend used to detect file modifications. The default is auto.
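To see how maxretry, findtime, bantime and ignoreip interact, the following added example (not part of the original tutorial and not Fail2ban's own code) replays log lines through a simplified model of the ban decision. The regular expression, the function name find_bans and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Simplified sshd failure pattern (an assumption, not Fail2ban's shipped sshd filter).
FAILED = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

def find_bans(lines, maxretry=5, findtime=600, bantime=600,
              ignoreip=("127.0.0.0/8",), year=2022):
    """Return (ip, ban_start, ban_end) for each host with maxretry failures inside findtime."""
    ignored = [ip_network(net) for net in ignoreip]
    recent = defaultdict(deque)      # ip -> timestamps of failures still inside findtime
    banned_until, bans = {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        try:
            addr = ip_address(m["ip"])
        except ValueError:           # hostname or garbage in the address field
            continue
        if any(addr in net for net in ignored):
            continue                 # ignoreip: never count or ban these hosts
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = str(addr)
        if ts < banned_until.get(ip, datetime.min):
            continue                 # already banned at this point in the log
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()         # failure is older than findtime, forget it
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

# Constructed sample in auth.log format (documentation-range addresses, not real traffic).
LINE = "Jul  2 11:{:02d}:{:02d} zx-pc sshd[900]: Failed password for {} from {} port 40000 ssh2"
SAMPLE = sorted(
    [LINE.format(0, s, "root", "203.0.113.7") for s in range(0, 50, 10)]  # 5 failures in 40 s
    + [LINE.format(m, 0, "invalid user admin", "198.51.100.20") for m in range(0, 20, 4)]  # 5 in 16 min
    + [LINE.format(30, s, "root", "127.0.0.1") for s in range(6)]  # inside ignoreip
)

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE):
        print(f"ban {ip} from {start} until {end}")
```

With the values above only 203.0.113.7 is banned: the second host spreads its five failures over more than findtime, and the loopback address is covered by ignoreip.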

To create a jail.local file, use the following command.

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Now you can open it in your favorite text editor with the following command.

sudo nano /etc/fail2ban/jail.local

After making your configuration changes, remember to restart the fail2ban service. In my case the service has not been started yet, so let's start it.

$ sudo systemctl start fail2ban
$ sudo systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; disabled; vendor pre>
     Active: active (running) since Sat 2022-07-02 11:16:49 EAT; 9s ago
       Docs: man:fail2ban(1)
   Main PID: 27843 (fail2ban-server)
      Tasks: 5 (limit: 9355)
     Memory: 11.9M
        CPU: 123ms
     CGroup: /system.slice/fail2ban.service
             └─27843 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Jul 02 11:16:49 zx-pc systemd[1]: Started Fail2Ban Service.
Jul 02 11:16:50 zx-pc fail2ban-server[27843]: Server ready

Fail2ban is now running, and you can make your desired configurations.

To check the version of Fail2ban that is installed, use the following command.

fail2ban-client version
0.11.2

Conclusion

Congratulations, you have successfully installed Fail2ban. For more information, consult the Fail2ban documentation.

About Kipkoech Sang

I am a technology enthusiast who loves to share gained knowledge through offering daily tips as a way of empowering others. I am a fan of Linux and all other things open source.