Fail2ban | Protect Ubuntu 22 Server

Posted August 8, 2022 by Josh ‐ 2 min read

Fail2Ban is used as an intrusion detection system that can be installed on all Linux servers.

Installation

What’s up, Linux Community!!! In this video, I walk through properly configuring fail2ban on Ubuntu 22.04 Server Edition. Fail2ban monitors specific log files (in /var/log) for failed login attempts or automated attacks on your server.

Fail2Ban Link: https://www.fail2ban.org/wiki/index.php/Main_Page

Commands

Install Fail2ban

Fail2ban is available in Ubuntu’s software repositories. Begin by running the following commands as a non-root user to update your package listings and install Fail2ban:

sudo apt update
sudo apt install fail2ban

Fail2ban will automatically set up a background service after being installed. However, it is disabled by default, because some of its default settings may cause undesired effects.

Verify the status of Fail2Ban services using the systemctl command:

systemctl status fail2ban.service

You could enable Fail2ban right away, but you should configure it first.

Configuring Fail2ban

Move to the configuration directory:

cd /etc/fail2ban

Make a copy of jail.conf named jail.local:

sudo cp jail.conf jail.local

Configure fail2ban to protect sshd by editing jail.local:

sudo nano jail.local

Example for sshd jail:

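[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
# Ban a source after this many failures...
maxretry = 3
# ...seen within this many seconds
findtime = 300
# Length of the ban in seconds (3600 = 1 hour)
bantime = 3600
# Addresses that are never banned
ignoreip = 127.0.0.1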
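
To see how maxretry, findtime, bantime and ignoreip from the jail above interact, the following added example (not from the original post and not fail2ban's own code) replays constructed auth.log lines through a simplified sliding-window counter. The regex, the `simulate` function, the `year` parameter and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values copied from the [sshd] jail above.
MAXRETRY, FINDTIME, BANTIME = 3, 300, 3600
IGNOREIP = [ipaddress.ip_network("127.0.0.1")]

# Simplified pattern (assumption): NOT the regex shipped in filter.d/sshd.conf.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password "
                    r"for (?:invalid user )?\S+ from ([0-9A-Fa-f:.]+) port \d+")

# Constructed sample lines in traditional auth.log syntax (documentation IPs).
SAMPLE_LOG = """\
Aug  8 10:00:00 srv sshd[900]: Failed password for root from 198.51.100.7 port 50000 ssh2
Aug  8 10:00:01 srv sshd[901]: Failed password for root from 203.0.113.5 port 40001 ssh2
Aug  8 10:00:20 srv sshd[902]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Aug  8 10:00:30 srv sshd[903]: Failed password for root from 127.0.0.1 port 40003 ssh2
Aug  8 10:00:31 srv sshd[904]: Failed password for root from 127.0.0.1 port 40004 ssh2
Aug  8 10:00:32 srv sshd[905]: Failed password for root from 127.0.0.1 port 40005 ssh2
Aug  8 10:00:45 srv sshd[906]: Failed password for root from 203.0.113.5 port 40006 ssh2
Aug  8 10:04:00 srv sshd[907]: Failed password for root from 198.51.100.7 port 50001 ssh2
Aug  8 10:06:00 srv sshd[908]: Failed password for root from 198.51.100.7 port 50002 ssh2
Aug  8 10:07:00 srv sshd[909]: Accepted password for josh from 192.0.2.10 port 50100 ssh2
"""

def simulate(log_text, year=2022):
    """Return {ip: (ban_start, ban_end)} for sources the jail settings would ban."""
    recent, bans = defaultdict(deque), {}  # recent: ip -> failures inside findtime
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are not failures
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue  # ignoreip: never counted, never banned
        key = str(ip)
        if key in bans and ts < bans[key][1]:
            continue  # ban still active
        window = recent[key]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # this failure is older than findtime
        if len(window) >= MAXRETRY:
            bans[key] = (ts, ts + timedelta(seconds=BANTIME))
            window.clear()
    return bans
```

Calling `simulate(SAMPLE_LOG)` returns a ban only for 203.0.113.5 (10:00:45 to 11:00:45): the loopback failures are skipped by ignoreip, and 198.51.100.7 never has three failures inside one 300-second window.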

Manage Fail2ban Services

Enable fail2ban Service:

sudo systemctl enable fail2ban

Start fail2ban Service:

sudo systemctl start fail2ban

Check Status of fail2ban Service:

sudo systemctl status fail2ban

Testing Fail2ban Services

View firewall rules created by ufw.

sudo iptables -S | grep f2b

Check fail2ban Status.

sudo fail2ban-client status

Check fail2ban Status of specific jail.

sudo fail2ban-client status sshd