
How to install fail2ban on Ubuntu 18.04


Among the first steps in securing your Ubuntu Server is installing the fail2ban intrusion detection system. Fail2ban monitors specific log files for failed login attempts and automated attacks. When it detects that an IP address is trying to compromise the system, it prevents that address from gaining access by associating it with a new chain in iptables. Fail2ban is straightforward to install and use, so everyone should be able to use it.

In this article, I’ll show you how to install fail2ban on Ubuntu Server 18.04. If you do not already have a VPSie account, you will need to create one in order to register Ubuntu systems.

You will receive the credentials for your Ubuntu VM via email. Once you have accessed the terminal, the following commands will update your system.

# apt-get update && apt-get upgrade -y

 

Step 2: Installing fail2ban

 

Execute the following command. 

# sudo apt-get install -y fail2ban

Fail2ban is ready for use once that installation is complete. Run the following commands to start and enable the service:

# sudo systemctl start fail2ban
# sudo systemctl enable fail2ban

 

Step 3: Configuring a jail

 

 

Next, we will set up a jail for SSH attempts. The jail.conf file can be found in the /etc/fail2ban directory. It should not be edited. Our strategy is to create a new file called jail.local, which overrides anything similar in jail.conf. The jail configuration will monitor /var/log/auth.log, enable the fail2ban sshd jail, use port 22 for SSH, and set the maximum retry count to five. Use this command to create the file:

# sudo nano /etc/fail2ban/jail.local

 

Paste the following contents into this new file:

[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 5

 

Save and close the file. Now restart fail2ban as follows:

# sudo systemctl restart fail2ban

If someone tries to connect to your Ubuntu Server through SSH and fails five times, iptables will block their IP address.
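To see how maxretry = 5 turns log lines into a ban decision, the following added example (not part of the original article and not fail2ban's own code) replays constructed auth.log lines through a simplified failure counter. The regular expression is a stand-in for the real sshd filter, and the 600-second findtime window is an assumption, since the jail.local above does not set one.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 5                       # maxretry from the jail.local above
FINDTIME = timedelta(seconds=600)  # assumption: the jail.local above sets no findtime
# Simplified stand-in for the sshd filter (an assumption, not fail2ban's real failregex).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) "
)
# Constructed sample lines in auth.log format (documentation-range addresses).
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:00 web1 sshd[900]: Failed password for root from 198.51.100.23 port 40000 ssh2
Mar  3 10:04:00 web1 sshd[901]: Failed password for root from 198.51.100.23 port 40001 ssh2
Mar  3 10:05:01 web1 sshd[910]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar  3 10:05:03 web1 sshd[911]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Mar  3 10:05:05 web1 sshd[912]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar  3 10:05:07 web1 sshd[913]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar  3 10:05:09 web1 sshd[914]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar  3 10:06:00 web1 sshd[920]: Accepted password for deploy from 192.0.2.50 port 52000 ssh2
Mar  3 10:08:00 web1 sshd[930]: Failed password for root from 198.51.100.23 port 40002 ssh2
Mar  3 10:12:00 web1 sshd[931]: Failed password for root from 198.51.100.23 port 40003 ssh2
Mar  3 10:16:00 web1 sshd[932]: Failed password for root from 198.51.100.23 port 40004 ssh2
"""

def would_ban(lines, year=2024):
    """Map each IP to the time of the failure that reaches MAXRETRY within FINDTIME."""
    recent = defaultdict(deque)   # per-IP timestamps of recent failures
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue              # not an sshd failure, or the IP is already banned
        # syslog timestamps carry no year, so one is supplied (constructed value)
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(when)
        while when - window[0] > FINDTIME:
            window.popleft()      # forget failures older than the findtime window
        if len(window) >= MAXRETRY:
            banned[m["ip"]] = when
    return banned

if __name__ == "__main__":
    for ip, when in would_ban(SAMPLE_AUTH_LOG.splitlines()).items():
        print(f"{ip} would be banned at {when:%H:%M:%S}")
```

In the sample, 203.0.113.7 reaches five failures within seconds and is banned, while 198.51.100.23 also fails five times but never has five failures inside one window. On the server itself, `sudo fail2ban-client status sshd` reports the jail's actual failure and ban counters.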

 

Step 4: Testing and unbanning

 

You can check that the new jail works by attempting to log in to the server via SSH and failing five times. After five unsuccessful attempts the connection will hang, and you will no longer have SSH access from that IP address. It's no big deal. You can unban the IP address you tested with by running the following command:

# sudo fail2ban-client set sshd unbanip "Your-IP"

The server can now be accessed with your IP address via SSH.

I appreciate you taking the time to read this article. We hope this was informative for you.

 


Fail2ban is a software application that monitors log files for suspicious activity and blocks IP addresses that exhibit malicious behavior, such as attempting to brute-force login credentials. You should install Fail2ban on Ubuntu to help protect your server from attacks and unauthorized access.

You can install Fail2ban on Ubuntu using the following steps:

  1. Update your package list: Use the command sudo apt-get update to update your package list.
  2. Install Fail2ban: Use the command sudo apt-get install fail2ban to install Fail2ban on your system.
  3. Configure Fail2ban: By default, Fail2ban monitors log files in the /var/log/ directory. You can configure Fail2ban to monitor additional log files or change the behavior of the software by editing the configuration file at /etc/fail2ban/jail.conf.
  4. Restart Fail2ban: Use the command sudo service fail2ban restart to restart Fail2ban and apply any changes you made to the configuration file.

You can check if Fail2ban is running on your Ubuntu server using the command sudo service fail2ban status. If Fail2ban is running, you should see a message indicating that the service is active and running.

You can view the list of IP addresses that have been blocked by Fail2ban by using the command sudo fail2ban-client status. This will display a list of all of the jails (service definitions) configured in Fail2ban, along with any IP addresses that have been banned.

Yes, Fail2ban can be used to monitor any log file that contains information about potentially malicious activity. You can configure Fail2ban to monitor additional log files by adding new jails to the configuration file.
