How to install fail2ban on Ubuntu 18.04
Among the first steps in securing your Ubuntu Server is installing the fail2ban intrusion detection system. Fail2ban monitors specific log files for failed login attempts and automated attacks. When Fail2ban detects that an IP address is trying to compromise the system, it blocks that address from gaining access by adding it to a new chain in iptables. Installing and using Fail2ban is so straightforward that everyone should be able to use it.
In this article, I’ll show you how to install fail2ban on Ubuntu Server 18.04.
So let’s start,
Step 1: Getting your system up and running
- Sign in to your system or register a newly created one by logging in to your VPSie account.
- Connect by SSH using the credentials we emailed you.
- Once you have logged into your Ubuntu instance, run these commands to update your system.
apt-get update && apt-get upgrade -y
Step 2: Installing fail2ban
Execute the following command.
sudo apt-get install -y fail2ban
Fail2ban is ready for use once the installation is complete. Run the following commands to start and enable the service:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
Step 3: Configuring a jail
Next, we will set up a jail for SSH attempts. The jail.conf file can be found in the /etc/fail2ban directory. It should not be edited. Instead, we create a new file called jail.local, whose settings override any matching settings in jail.conf. The jail configuration will enable the sshd jail, monitor /var/log/auth.log, use port 22 for SSH, and set the maximum retry count to five. Use this command to create the file:
sudo nano /etc/fail2ban/jail.local
Paste the following contents into this new file:
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
Save and close the file. Now restart fail2ban as follows:
sudo systemctl restart fail2ban
From now on, if someone attempts to connect to your Ubuntu Server through SSH and fails 5 times, iptables will block their IP address.
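To preview which addresses an sshd jail with maxretry = 5 would act on, the following added example (not part of the original article) counts "Failed password" lines per source IP in an auth.log-style file. The function names would_ban and sample_log and the sample log lines are constructed for illustration; the script matches only one of the failure messages the sshd filter recognises and ignores fail2ban's findtime window.

```shell
#!/bin/sh
# Added example, not from the original article.
# would_ban LOGFILE [MAXRETRY]: print "count ip" for every source address with
# at least MAXRETRY "Failed password" lines. Simplification: fail2ban only
# counts failures inside its findtime window; this counts the whole file.
would_ban() {
    logfile=$1
    maxretry=${2:-5}    # same threshold as maxretry in the [sshd] jail
    awk -v max="$maxretry" '
        /sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            # The address follows the last "from" that is followed by "port",
            # so a user name that happens to be "from" is not mistaken for it.
            for (i = 1; i < NF - 1; i++)
                if ($i == "from" && $(i + 2) == "port") ip = $(i + 1)
            if (ip != "") fails[ip]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= max) print fails[ip], ip
        }
    ' "$logfile" | sort -rn
}

# Constructed sample in auth.log format (documentation addresses, RFC 5737).
sample_log() {
    i=1
    while [ "$i" -le 5 ]; do
        echo "Mar 10 12:00:0$i host sshd[100$i]: Failed password for root from 203.0.113.5 port 4000$i ssh2"
        i=$((i + 1))
    done
    echo "Mar 10 12:01:00 host sshd[2001]: Failed password for invalid user admin from 198.51.100.7 port 50111 ssh2"
    echo "Mar 10 12:01:05 host sshd[2002]: Failed password for invalid user from from 198.51.100.7 port 50112 ssh2"
    echo "Mar 10 12:02:00 host sshd[3001]: Accepted password for alice from 192.0.2.10 port 51000 ssh2"
}

# Run against the constructed sample; only the address with 5 failures is listed.
tmp=$(mktemp)
sample_log > "$tmp"
would_ban "$tmp" 5
rm -f "$tmp"
```

On the server, call would_ban /var/log/auth.log 5 as a user who can read the log. To see what the jail has actually banned, run sudo fail2ban-client status sshd.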
Step 4: Testing and unbanning
You can check the new jail's functionality by connecting to the server five times via SSH. The connection will hang after five unsuccessful attempts. Unfortunately, you no longer have access to SSH from that IP address. It's no big deal. From a session on the server that does not come from the banned address, you can unban the IP address you tested with by running the following command:
sudo fail2ban-client set sshd unbanip "Your-IP"
The server can now be accessed from your IP address via SSH again.
Thanks for reading! I hope it was informative for you!