How to Install Fail2Ban on Ubuntu 22.04

Install Fail2Ban on Ubuntu 22.04

In this article, we will have explained the necessary steps to install Fail2Ban on Ubuntu 22.04 LTS. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

Fail2ban is a tool that helps protect your Linux machine from brute-force and other automated attacks by monitoring the services logs for malicious activity. Fail2ban can detect brute-force and other automated attacks, by scanning your log files and searching for the offending IPs. Fail2ban is written in Python and comes with filters for various services such as Apache2, SSH, FTP, etc.

Prerequisite:

  • Operating System with Ubuntu 22.04
  • Server IPv4 Address with Superuser Privileges (Root Access)
  • Gnome Terminal for Linux Desktop
  • PuTTy SSH client for Windows or macOS
  • Powershell for Windows 10/11
  • Familiar with APT Commands

Install Fail2Ban on Ubuntu 22.04 LTS

Step 1. First, before you start installing any package on your Ubuntu server, we always recommend making sure that all system packages are updated.

sudo apt update
sudo apt upgrade
sudo apt install software-properties-common apt-transport-https wget ca-certificates gnupg2 ubuntu-keyring unzip

Step 2. Setup UFW Firewall.

Before you start installing Fail2ban, you will need to set up the Firewall on your Ubuntu server. Let’s see what rules are available:

sudo ufw app list

We want to make a rule for OpenSSH first (it may already be enabled, it will tell you if it is):

sudo ufw allow ssh
sudo ufw enable

Let’s see what rules are enabled:

sudo ufw status

Step 3. Install Fail2Ban on Ubuntu Linux.

Installing Fail2Ban on your Ubuntu 22.04 LTS Jammy Jellyfish system is straightforward, Use the following command to install it to your Ubuntu or any Debian-based distribution:

sudo apt install fail2ban

By default, Fail2Ban is not enabled and activated once installed. Start the service and enable it on system boot using the following command below:

sudo systemctl enable fail2ban --now
sudo systemctl status fail2ban

Step 4. Configuring Fail2ban.

After you have installed the Fail2ban, now it’s time to set up and configure the Fail2ban. Before we edit the configuration file, let’s copy it so it’s not overwritten by system upgrades:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local

Change the [sshd] section to the following (this will give a maximum password retry of 5 before the user is banned for 1 day):

[sshd]

enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 5
bantime = 1d

Save and close the file when you are done and restart the Fail2ban service and apply new changes to the jail.local configuration:

sudo systemctl restart fail2ban

That’s all you need to do to install Fail2Ban on Ubuntu 22.04 LTS Jammy Jellyfish. I hope you find this quick tip helpful. For further reading on the installation of the Fail2Ban, please refer to their official knowledge base. If you have questions or suggestions, feel free to leave a comment below.