Fail2Ban is used as an intrusion detection system that can be installed on all Linux servers.
Installation
What’s up, Linux Community!!! In this video, I walk through properly configuring fail2ban on Ubuntu 22.04 Server Edition. Fail2Ban is used as an intrusion detection system that can be installed on all Linux servers. What fail2ban does is monitor specific log files (in /var/log) for failed login attempts or automated attacks on your server.
Fail2Ban Link: https://www.fail2ban.org/wiki/index.php/Main_Page
Commands
Install Fail2ban
Fail2ban is available in Ubuntu’s software repositories. Begin by running the following commands as a non-root user to update your package listings and install Fail2ban:
sudo apt update
sudo apt install fail2ban
Fail2ban will automatically set up a background service after being installed. However, it is disabled by default, because some of its default settings may cause undesired effects.
Verify the status of Fail2Ban services using the systemctl command:
systemctl status fail2ban.service
You could enable Fail2ban right away, but you have to configure first.
Configuring Fail2ban
Move to configuration directory:
cd /etc/fail2ban
Make copy of jail.conf named jail.local:
sudo cp jail.conf jail.local
Configure fail2ban to protect sshd
sudo nano jail.local
Example for sshd jail:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 300
bantime = 3600
ignoreip = 127.0.0.1
Manage Fail2ban Services
Enable fail2ban Service:
sudo systemctl enable fail2ban
Start fail2ban Service:
sudo systemctl start fail2ban
Check Status of fail2ban Service:
sudo systemctl status fail2ban
Testing Fail2ban Services
View firewall rules created by ufw.
sudo iptables -S | grep f2b
Check fail2ban Status.
sudo fail2ban-client status
Check fail2ban Status of specific jail.
sudo fail2ban-client status sshd