How To Install Fail2ban on Ubuntu

By Chandrashekhar Fakirpure

Updated on Feb 02, 2024

How To Install Fail2ban on Ubuntu 22.04

In this tutorial, we'll explain how to install Fail2ban on Ubuntu 22.04.

Fail2ban is an excellent intrusion prevention software framework that protects services such as SSH from brute-force attacks. It's written in the Python programming language. It should be one of your top priorities when hardening the server.

Fail2ban creates rules that automatically alter your iptables firewall configuration. In general, Fail2ban updates the firewall rules to reject the offending IP addresses for a certain period.

Fail2ban is free and open source, and it runs on POSIX systems that have an interface to a locally installed packet-control system or firewall, for example, iptables or TCP Wrapper. It provides security against cyber attacks like DDoS attacks, bot attacks, brute-forcing, and such.

Prerequisites

  • An Ubuntu 22.04 dedicated server or KVM VPS.
  • Root user access or a normal user with sudo privileges.

Let's get started with the installation.

1. Update The Server

apt update && apt upgrade -y

2. Install Fail2ban

Run the following command to install Fail2ban:

apt install fail2ban -y

By default, the Fail2ban service is disabled because some of its default settings may cause undesired effects. We'll start and enable the Fail2ban service once we have configured it.

Configuring Fail2ban

To configure Fail2ban, first copy the configuration file jail.conf to a new file named jail.local, then modify the settings in jail.local. This keeps the main configuration file intact while we try and test changes in the copy. To do this, run the following command:

cp /etc/fail2ban/jail.{conf,local}

Now, edit the copied file using your favorite editor.

vi /etc/fail2ban/jail.local

Individual Jail Settings

You can configure individual services. Each one has its own section, identified by a header such as [sshd].

Each of these sections needs to be enabled individually by adding an enabled = true line under the header, with their other settings.

[jail_to_enable]
. . .
enabled = true
. . .
    

To enable the jail for the SSH service, find [sshd] in the jail.local file and add enabled = true below [sshd].

Once you add it, save and exit the file.

3. Start and Enable Fail2ban

Now, let's start and enable the Fail2ban service using the following commands:

systemctl start fail2ban
systemctl enable fail2ban

Failed To Start Fail2ban

If you get an error after running the start command, you can use the following solution.

Open the Fail2ban configuration file:

nano /etc/fail2ban/jail.local

Search for "backend" and change its value to "systemd":

backend = systemd

Restart the Fail2ban service:

systemctl restart fail2ban

Check the status of the Fail2ban service:

systemctl status fail2ban

We can check which jails are running:

fail2ban-client status

Output

Status
|- Number of jail:  1
`- Jail list:   sshd
    

We can also check details about a specific jail:

fail2ban-client status sshd

There are multiple options that you can modify according to your requirements. Some of these parameters are described below:

1. bantime

The bantime parameter sets how long an IP address stays banned. The default value of bantime is just 10 minutes.

bantime = 1d

2. findtime

Another very important variable is findtime. It defines the time window in which consecutive failed login attempts are counted.

findtime = 10m

3. maxretry

It defines the exact number of failed login attempts allowed within the findtime. If the number of failed authorization attempts within the findtime exceeds the maxretry value, the IP is banned from logging back in.

maxretry = 5

4. ignoreip

The ignoreip parameter is a whitelist of IP addresses that are never banned. To add an IP to this whitelist, modify the ignoreip line and type in the IP address to exempt:

ignoreip = 127.0.0.1/8 ::1 222.222.222.222 192.168.0.0/24
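
The following Python sketch is an added example, not code from the original tutorial or from Fail2ban itself. It models how the bantime, findtime, maxretry and ignoreip values above interact over constructed log lines, assuming a ban fires once the failures inside the findtime window reach maxretry; the simplified log format, the sample addresses and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the tutorial's settings.
BANTIME = timedelta(days=1)        # bantime = 1d
FINDTIME = timedelta(minutes=10)   # findtime = 10m
MAXRETRY = 5                       # maxretry = 5
IGNOREIP = [ipaddress.ip_network(n, strict=False)
            for n in "127.0.0.1/8 ::1 222.222.222.222 192.168.0.0/24".split()]
# Simplified, constructed line format: "<ISO time> sshd[pid]: Failed password ..."
FAIL_RE = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def sample_log():
    """Constructed log lines (not real data); public IPs are documentation ranges."""
    start = datetime(2024, 2, 2, 10, 0, 0)
    fmt = "{} sshd[1001]: Failed password for root from {} port 40000 ssh2"
    events = []
    for i in range(5):
        events.append((start + timedelta(minutes=i), "203.0.113.7"))       # 5 in 4 min
        events.append((start + timedelta(minutes=3 * i), "198.51.100.9"))  # 5 in 12 min
    for i in range(6):
        events.append((start + timedelta(seconds=10 * i), "192.168.0.50")) # in ignoreip
    return [fmt.format(ts.isoformat(), ip) for ts, ip in sorted(events)]

def evaluate(lines):
    """Return {ip: ban_expiry} using a sliding findtime window per source IP."""
    recent, bans = defaultdict(deque), {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in IGNOREIP):
            continue                       # exempted by ignoreip
        if ip in bans and ts < bans[ip]:
            continue                       # still banned, nothing new to count
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:   # forget failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:        # assumption: ban when count reaches maxretry
            bans[ip] = ts + BANTIME
    return bans

if __name__ == "__main__":
    for ip, until in evaluate(sample_log()).items():
        print(f"{ip} banned until {until.isoformat()}")
```

Only the address with five failures inside ten minutes is banned: the one that spreads five failures over twelve minutes never has five in the window, and the 192.168.0.0/24 address is skipped because of ignoreip.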

Conclusion

Fail2ban is very useful for securing SSH connections. You should now be able to install and configure Fail2ban and add an extra layer of security to the server. We have seen how to install Fail2ban on Ubuntu 22.04.