
    How to Install and Configure Fail2ban on Ubuntu 20.04

    By Rahul | April 1, 2021 | 3 Mins Read

    Fail2ban is a tool used to improve server security against cyber attacks. It lets you block remote IP addresses temporarily or permanently, based on defined settings. It helps you secure your server and data from attackers.

    This tutorial helps you install Fail2ban on an Ubuntu 20.04 LTS Linux system. It also provides an initial configuration and shows how to protect SSH using Fail2ban.

    Prerequisites

    You must have shell access to an Ubuntu 20.04 system with a sudo-privileged account.

    Step 1 – Installing Fail2ban

    Fail2ban Debian packages are available in the default apt repositories. You just need to update the apt cache and install the fail2ban package on your system.

    Open a terminal and type:

    sudo apt update 
    sudo apt install fail2ban -y 
    

    After successful installation, make sure the service is started.

    sudo systemctl status fail2ban 
    

    Make sure the service is active and running.

    Step 2 – Initial Fail2ban Configuration

    Fail2ban keeps its configuration files under the /etc/fail2ban directory. The jail.conf file contains a basic configuration that you can use as the starting point for a new one. Fail2ban reads a separate jail.local file for local settings, so your changes are not overwritten when jail.conf is updated during package updates.

    So create a copy of the configuration file named jail.local:

    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local 
    

    Next, edit the jail.local configuration file in a text editor.

    sudo vim /etc/fail2ban/jail.local 
    

    Update the initial settings under the [DEFAULT] section.

    • ignoreip – A list of IP addresses that Fail2ban never bans.

      [DEFAULT]

      ignoreip = 127.0.0.1/8 192.168.1.0/24
    • bantime – The number of seconds that a host is banned.

      bantime = 60m
    • findtime – A host is banned if it has generated “maxretry” failures during the last “findtime” seconds.

      findtime = 5m
    • maxretry – The number of failures before a host gets banned.

      maxretry = 5
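
A simplified model of how the ignoreip, findtime and maxretry settings above interact, as an added example that is not part of the original tutorial and is not Fail2ban's own code. The regular expression, the host name web1 and the log lines are constructed for illustration; the real sshd filter matches many more message forms.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [DEFAULT] section above.
IGNOREIP = "127.0.0.1/8 192.168.1.0/24"
FINDTIME = timedelta(minutes=5)  # findtime = 5m
MAXRETRY = 5                     # maxretry = 5
# Assumption: a simplified stand-in for the sshd filter (one failure message only).
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def _line(clock, ip):
    return f"Apr  1 {clock} web1 sshd[2211]: Failed password for root from {ip} port 40022 ssh2"

# Constructed log lines (documentation and private address ranges, not real traffic).
SAMPLE_LOG = "\n".join(sorted(
    [_line(f"10:00:{s:02d}", "203.0.113.7") for s in (1, 9, 17, 25, 33)]      # 5 in 32 s
    + [_line(f"10:{m:02d}:00", "198.51.100.20") for m in (0, 6, 12, 18, 24)]  # 6 min apart
    + [_line(f"10:01:{s:02d}", "192.168.1.50") for s in range(10, 16)]        # in ignoreip
))

def parse_ignoreip(value):
    # strict=False accepts entries with host bits set, such as 127.0.0.1/8.
    return [ipaddress.ip_network(n, strict=False) for n in value.split()]

def hosts_to_ban(log_text, ignoreip=IGNOREIP, findtime=FINDTIME, maxretry=MAXRETRY, year=2021):
    """Return {ip: time of the failure that reaches maxretry inside findtime}."""
    ignored = parse_ignoreip(ignoreip)
    recent = defaultdict(deque)  # per-host failure times still inside the window
    banned = {}
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        ip = ipaddress.ip_address(match.group(1))
        if any(ip in net for net in ignored):
            continue  # never counted, so never banned
        # Syslog timestamps carry no year, so a constructed one is supplied.
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()  # failures older than findtime no longer count
        if len(window) >= maxretry:
            banned.setdefault(str(ip), when)
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

Only 203.0.113.7 is reported: the host that fails every six minutes never has five failures inside one findtime window, and 192.168.1.50 falls inside the ignoreip range.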

    In the next section, you can secure the system services to

    Step 3 – Protect SSH/SFTP

    After completing the default configuration, scroll down in the same jail.local file and update the [ssh-iptables] section as below.

    [ssh-iptables]
    
    enabled  = true
    filter   = sshd
    action   = iptables[name=SSH, port=22, protocol=tcp]
               sendmail-whois[name=SSH, dest=root, [email protected], sendername="Fail2Ban"]
    # Ubuntu writes sshd authentication messages to /var/log/auth.log
    logpath  = /var/log/auth.log
    maxretry = 3
    

    Step 4 – Protect FTP

    Let’s protect your FTP (vsFTPd) server. Find the [vsftpd-iptables] section and make the changes below. If you are not using vsFTPd, you can skip this section.

    [vsftpd-iptables]
    
    enabled  = true
    filter   = vsftpd
    action   = iptables[name=VSFTPD, port=21, protocol=tcp]
               sendmail-whois[name=VSFTPD, [email protected]]
    logpath  = /var/log/vsftpd.log
    maxretry = 5
    bantime  = 1800
    

    Step 5 – Manage Fail2ban Service

    After making all the changes, save your file and restart the Fail2ban service using the following commands.

    sudo systemctl restart fail2ban.service 
    sudo systemctl enable fail2ban.service 
    

    For testing purposes, I have tried SSH with the wrong credentials from a different machine. After three wrong attempts, Fail2ban blocked that IP via iptables with reject ICMP. You can see the rules in iptables after blocking the IP address as below. For SSH only systems, make sure to have SSH access from another IP before making these tests.

    Conclusion

    This tutorial helped you install and configure Fail2ban on an Ubuntu 20.04 LTS system. It additionally provided the configuration details to secure specific services such as SSH, SFTP and FTP.
