In this article, we explain the steps needed to install and configure Fail2ban on Ubuntu 20.04 LTS. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.
Fail2ban is a free, open-source and widely used intrusion prevention tool that scans log files for IP addresses that show malicious signs, such as too many password failures and more, and bans them by updating firewall rules to reject those IP addresses. Fail2ban can reduce the rate of incorrect authentication attempts, but it cannot eliminate the risk that weak authentication presents. Configure services to use only two-factor or public/private key authentication mechanisms if you really want to protect them.
Step 1. First, before you start installing any package on your Ubuntu server, we always recommend making sure that all system packages are updated.
sudo apt update
sudo apt upgrade
Step 2. Install Fail2ban on the Ubuntu system.
The fail2ban packages are available by default on the Ubuntu universe repository. Now we enable the Ubuntu universe repository using the following command:
Then, we will run the standard apt install command along with the fail2ban package name:
sudo apt install fail2ban
Once the installation is complete, start the fail2ban service and add it to the system boot:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
Step 3. Configure Fail2ban.
Fail2ban keeps its default configuration in the /etc/fail2ban/jail.conf file, but no changes should be made to this particular file. Certain system updates or patches could overwrite it, so make an additional local configuration file using the command below:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Next, we will open the configuration file in a text editor. Any editor works; we will be using nano:
Once the file is open, copy and paste the following configuration in it. The [DEFAULT] section contains global options and [sshd] contains parameters for the sshd jail:
    #
    # WARNING: heavily refactored in 0.9.0 release. Please review and
    # customize settings for your setup.
    #
    # Changes: in most of the cases you should not modify this
    # file, but provide customizations in jail.local file,
    # or separate .conf files under jail.d/ directory, e.g.:
    #
    # HOW TO ACTIVATE JAILS:
    #
    # YOU SHOULD NOT MODIFY THIS FILE.
    #
    # It will probably be overwritten or improved in a distribution update.
    #
    # Provide customizations in a jail.local file or a jail.d/customisation.local.
    # For example to change the default bantime for all jails and to enable the
    # ssh-iptables jail the following (uncommented) would appear in the .local file.
    # See man 5 jail.conf for details.
    #
    # [DEFAULT]
    # bantime = 3600
    #
    # [sshd]
    # enabled = true
    #
    # See jail.conf(5) man page for more information
    # Comments: use '#' for comment lines and ';' (following a space) for inline comments
It’s recommended to change these settings:
- ignoreip – Specify your own IP address (for example, the one assigned by your ISP) in this line, so that your own IP address is never blocked.
- bantime – The number of seconds that a client is blocked from the server if it violates any of the rules. The default is 10 minutes; you can raise it if you’d like.
- maxretry – The number of times a host can fail to log in before getting banned.
- findtime – The window of time in which a client's failed logins are counted towards maxretry. The default is set to 10 minutes.
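How the four options above interact, as an added Python example that is not part of the original tutorial and is not Fail2ban's own code: a simplified model of the sshd jail run over constructed log lines. The configuration values, the addresses, the assumed year and the simulate function are illustrative assumptions.

```python
import configparser
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed jail.local with the four options described above (sample values).
JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1/8 198.51.100.7
bantime = 600
findtime = 600
maxretry = 3
[sshd]
enabled = true
"""

# Constructed auth.log lines; addresses come from documentation ranges.
LOG = """\
Jan 10 10:00:00 host sshd[1]: Failed password for root from 203.0.113.5 port 40000 ssh2
Jan 10 10:00:30 host sshd[2]: Failed password for root from 198.51.100.7 port 40001 ssh2
Jan 10 10:01:00 host sshd[3]: Failed password for root from 203.0.113.5 port 40002 ssh2
Jan 10 10:01:30 host sshd[4]: Failed password for root from 198.51.100.7 port 40003 ssh2
Jan 10 10:02:00 host sshd[5]: Failed password for root from 203.0.113.5 port 40004 ssh2
Jan 10 10:02:30 host sshd[6]: Failed password for root from 198.51.100.7 port 40005 ssh2
Jan 10 10:03:00 host sshd[7]: Failed password for root from 192.0.2.9 port 40006 ssh2
Jan 10 10:09:00 host sshd[8]: Failed password for root from 192.0.2.9 port 40007 ssh2
Jan 10 10:14:00 host sshd[9]: Failed password for root from 192.0.2.9 port 40008 ssh2
"""
FAIL = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port", re.M)

def simulate(conf_text=JAIL_LOCAL, log_text=LOG):
    """Simplified model of one jail: return {ip: (ban_start, ban_end)}."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    jail = cp["sshd"]  # keys not set in [sshd] fall back to [DEFAULT]
    ignore = [ipaddress.ip_network(n, strict=False) for n in jail["ignoreip"].split()]
    findtime, bantime, maxretry = (jail.getint(k) for k in ("findtime", "bantime", "maxretry"))
    recent, bans = defaultdict(list), {}
    for m in FAIL.finditer(log_text):
        ts = datetime.strptime("2024 " + m.group(1), "%Y %b %d %H:%M:%S")  # year assumed
        ip = m.group(2)
        if ip in bans or any(ipaddress.ip_address(ip) in net for net in ignore):
            continue  # already banned, or exempted by ignoreip
        # Keep only failures inside the findtime window, then add this one.
        recent[ip] = [t for t in recent[ip] if (ts - t).total_seconds() <= findtime] + [ts]
        if len(recent[ip]) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
    return bans
```

With these sample values only 203.0.113.5 is banned: 198.51.100.7 is exempt through ignoreip, and the three failures from 192.0.2.9 are spread over more than findtime, so they never add up to maxretry.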
That’s all you need to do to install Fail2ban on Ubuntu 20.04 LTS Focal Fossa. I hope you find this quick tip helpful. Don’t forget to share your queries and suggestions in the comment box below, and drop your feedback as well.