How To Install Fail2ban on Ubuntu 22.04
In this tutorial, we'll explain how to install Fail2ban on Ubuntu 22.04.
Fail2Ban is an excellent intrusion prevention software framework that protects SSH from brute-force attacks. It's written in the Python programming language. It should be one of your top priorities when hardening the server.
Fail2ban creates rules that automatically alter your iptables firewall configuration. In general, Fail2ban updates the firewall rules to reject the offending IP addresses for a certain period.
Fail2ban is open source and free, and it can run on POSIX systems that have an interface to a locally installed packet-control system or firewall, for example, iptables or TCP Wrapper. It provides security against cyber attacks such as DDoS attacks, bot attacks, brute-forcing, and the like.
Prerequisites
- An Ubuntu 22.04 dedicated server or KVM VPS.
- Root access or a normal user with sudo privileges.
Let's get started with the installation.
1. Update The Server
apt update && apt upgrade -y
2. Install Fail2ban
Run the following command to install Fail2ban:
apt install fail2ban -y
By default, the Fail2ban service is disabled because some of its default settings may cause undesired effects. We'll start and enable the Fail2ban service once we have configured it.
Configuring Fail2ban
To configure Fail2ban, we first copy the configuration file jail.conf to jail.local and modify the settings in jail.local. This keeps the main configuration file intact while we try and test changes in the copy. To do this, run the following command:
cp /etc/fail2ban/jail.{conf,local}
Now, edit the copied file using your favorite editor.
vi /etc/fail2ban/jail.local
Individual Jail Settings
You can configure individual services. These are specified by section headers such as [sshd].
Each of these sections needs to be enabled individually by adding an enabled = true line under the header, along with its other settings.
[jail_to_enable]
. . .
enabled = true
. . .
To enable SSH service, find [sshd] in the jail.local file and add enabled = true below [sshd].
Once you add it, save and exit the file.
3. Start and Enable Fail2ban
Now, let's start and enable the Fail2ban service using the following commands:
systemctl start fail2ban
systemctl enable fail2ban
Failed To Start Fail2ban
If you get an error after running the start command, you can use the following solution.
Open the Fail2ban configuration file:
nano /etc/fail2ban/jail.local
Search for "backend", change the backend value to "systemd".
backend = systemd
Restart the Fail2ban service:
systemctl restart fail2ban
Check the status of the Fail2ban service:
systemctl status fail2ban
We can check that the services are running:
fail2ban-client status
Output
Status
|- Number of jail: 1
`- Jail list: sshd
We can also check details about specific jail:
fail2ban-client status sshd
There are multiple options that you can modify according to your requirements. Some of the parameters are described below:
1. bantime
The ban-time of all IP addresses is set by a parameter known as bantime. The value set for bantime by default is just 10 minutes.
bantime = 1d
2. findtime
Another very important variable is findtime. It defines the time-duration allowed between consecutive login attempts.
findtime = 10m
3. maxretry
It defines the exact number of failed login attempts allowed within the findtime. If the number of failed-authorization attempts within the findtime exceeds the maxretry value, the IP would be banned from logging back in.
maxretry = 5
4. ignoreip
ignoreip lists the addresses that Fail2ban never bans. To add an IP to this whitelist, modify the ignoreip line and type in the IP address to exempt:
ignoreip = 127.0.0.1/8 ::1 222.222.222.222 192.168.0.0/24
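How bantime, findtime, maxretry and ignoreip interact, as an added example (not part of the original tutorial and not Fail2ban's own code): a simplified Python model run over constructed sshd log lines. It assumes a ban fires on the maxretry-th failure inside the findtime window; the log format, the names simulate and make_line, and the sample addresses are illustrative.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Values taken from the jail.local settings shown in this tutorial.
BANTIME = timedelta(days=1)       # bantime = 1d
FINDTIME = timedelta(minutes=10)  # findtime = 10m
MAXRETRY = 5                      # maxretry = 5
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in
            "127.0.0.1/8 ::1 222.222.222.222 192.168.0.0/24".split()]

# Assumed (simplified) log format: ISO timestamp, then the sshd message.
FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def simulate(lines):
    """Return [(ip, banned_at, unban_at)] for chronologically ordered log lines."""
    failures, banned_until, bans = {}, {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.fromisoformat(m.group(1))
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue  # exempted by ignoreip, never counted
        if banned_until.get(ip, when) > when:
            continue  # still inside bantime
        # Keep only failures that fall inside the findtime window.
        recent = [t for t in failures.get(ip, []) if when - t <= FINDTIME] + [when]
        failures[ip] = recent
        if len(recent) >= MAXRETRY:
            banned_until[ip] = when + BANTIME
            bans.append((str(ip), when, when + BANTIME))
            failures[ip] = []
    return bans

def make_line(ts, ip):
    return f"{ts.isoformat()} sshd[1000]: Failed password for root from {ip} port 50000 ssh2"

# Constructed sample data: a fast guesser, a slow guesser, a whitelisted host.
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE = sorted(
    [make_line(T0 + timedelta(seconds=20 * i), "203.0.113.7") for i in range(6)]
    + [make_line(T0 + timedelta(minutes=3 * i), "198.51.100.9") for i in range(5)]
    + [make_line(T0 + timedelta(seconds=i), "192.168.0.50") for i in range(8)]
)

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"{ip} banned from {start} until {end}")
```

The slow guesser at 198.51.100.9 never has five failures inside any ten-minute window, so it is not banned; shortening the gap between attempts or raising findtime changes that outcome.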
Conclusion
Fail2ban is very useful for securing SSH connections. You should now be able to install and configure Fail2ban and add an extra layer of security to the server. We have seen how to install Fail2ban on Ubuntu 22.04.