How to install fail2ban on Ubuntu Server 22.04

Fail2Ban is a robust intrusion prevention software framework that protects computer servers from brute force and other attacks. This is accomplished by reading access/error logs on your server or web application, which can then be used to identify malicious users before they do any damage. The software is very popular with public servers. Whether you own a server or want to protect your network, Fail2ban can stop attacks before they do any damage.

This software is written in Python and runs on POSIX systems that have an interface to a locally installed packet-control system or firewall, such as iptables or TCP Wrapper; this means that, in addition to servers, desktops can also be protected, although they use a different set of rules. Fail2ban is free and open source intrusion prevention software (IPS) that helps administrators protect Linux servers from malicious logins and brute force attacks.

Written in Python, Fail2ban includes filters for various services like Apache2, SSH, FTP, etc. Fail2ban reduces malicious login attempts by blocking the source IP addresses of the attacks. Fail2ban scans service log files (e.g. /var/log/auth.log) and bans IP addresses that show malicious behavior, such as too many bad passwords, probing for exploits, etc. Fail2ban also supports multiple firewall back ends such as iptables, ufw, and firewalld. You can also set up an email notification for every blocked login attempt.

How to install fail2ban on Ubuntu Server 22.04

Configure UFW Firewall

Before you start installing Fail2ban, you must first configure the Firewall on your Ubuntu server. The UFW firewall is included with the default Ubuntu server installation and is easier to manage than other firewalls like iptables. Now, use the following command to check the status of the UFW firewall.

If you get the output message “Status: inactive”, then your UFW firewall has not been started yet. If you get an output message like “ufw command not found”, then the UFW firewall is not installed on your server. To install the UFW firewall package, run the apt command below.

After the UFW installation is complete, use the following command to add the SSH service to the UFW firewall.

Then enter the following command to start and activate the UFW firewall.

Enter y to confirm and start the UFW firewall. Finally, run the following command to recheck the UFW firewall.

Install Fail2ban on Ubuntu 22.04

After you have installed and configured the UFW firewall, you will now install the Fail2ban package on your server. Update your Ubuntu repository using the following command.

Now install the Fail2ban package using the following command.

    • sudo apt install fail2ban -y

The installation will start. After completing the Fail2ban installation, enable the Fail2ban service and start it using the following command.

    • sudo systemctl enable fail2ban
    • sudo systemctl start fail2ban

Lastly, check the status of the Fail2ban service using the following command.

    • sudo systemctl status fail2ban

The output should show the Fail2ban service running on the Ubuntu 22.04 server.

Fail2ban configuration

Once you’ve installed Fail2ban, it’s time to configure it. The /etc/fail2ban directory contains all Fail2ban configurations. You should be aware of the following Fail2ban configuration details:

  • The fail2ban.conf configuration is the main configuration of Fail2ban.
  • The jail.conf configuration is an example of the Fail2ban jail configuration.
  • The action.d directory contains fail2ban action settings, such as mail settings and firewall settings.
  • The jail.d directory contains additional configuration for fail2ban jail.

To start configuring Fail2ban, you will need to copy the default jail configuration jail.conf to jail.local using the following command.

    • sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Now edit the jail.local configuration using the nano editor.

    • sudo nano /etc/fail2ban/jail.local

First, uncomment the ignoreip option and add your IP address. All IP addresses within the ignoreip option will not be blocked by Fail2ban.

    • ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24 192.168.10.20

For the ban settings, you can change the values as you need. In this example, the global ban time will be 1 day, the find time will be 10 minutes, and the maximum number of attempts will be 5. The bantime option is how long the IP address will be banned from accessing the server. The findtime option is the time window in which failures are counted before the ban action. And the maxretry option is the number of failures after which an IP address is banned.

    • bantime = 1d
    • findtime = 10m
    • maxretry = 5
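
To show how bantime, findtime, maxretry and ignoreip interact, the following added example (not Fail2ban's own code and not part of the original article) applies the same rule to constructed log lines. The regular expression, the function names and the ISO-timestamped sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the jail.local settings in this tutorial
IGNOREIP = ["127.0.0.1/8", "::1", "192.168.1.0/24", "192.168.10.20"]
BANTIME, FINDTIME, MAXRETRY = timedelta(days=1), timedelta(minutes=10), 5

# Simplified stand-in for the sshd filter (assumption, not Fail2ban's failregex)
FAIL_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def is_ignored(ip):
    """True if ip falls inside any ignoreip entry (single address or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in IGNOREIP)

def simulate(lines):
    """Return [(ip, banned_at, unban_at)] for chronologically ordered log lines."""
    failures = defaultdict(deque)  # ip -> failure timestamps still inside findtime
    banned_until, bans = {}, []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if is_ignored(ip) or banned_until.get(ip, ts) > ts:
            continue  # whitelisted, or already banned at this moment
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:  # forget failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

def sample_line(hhmm, ip):
    # Constructed log line with an ISO timestamp (real auth.log formats differ)
    return f"2024-03-10T{hhmm}:00 srv sshd[911]: Failed password for root from {ip} port 50000 ssh2"

SAMPLE = sorted(
    [sample_line(f"12:0{m}", "203.0.113.7") for m in range(6)]      # fast guesser
    + [sample_line(t, "198.51.100.9") for t in ("12:00", "12:05", "12:11", "12:16", "12:21")]  # slow
    + [sample_line(f"12:0{m}", "192.168.1.50") for m in range(6)]   # inside ignoreip
)

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"ban {ip} at {start} until {end}")
```

Only 203.0.113.7 is banned: 198.51.100.9 never accumulates five failures within one 10-minute window, and 192.168.1.50 is covered by ignoreip.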

The default action of Fail2ban is to ban the IP address. You can also configure email notifications when an IP address is blocked. Change the action option and the default sender and destination email addresses as shown below.

    • action = %(action_mw)s
    • destemail = admin@hwdomain.io
    • sender = root@hwdomain.io

Next, for UFW firewall integration, you need to change the banaction option to ufw as shown below.

Using Fail2ban-client to check Fail2ban status

The fail2ban-client command-line tool allows you to interact with the Fail2ban service. This allows you to manage and configure Fail2ban from the command line, as well as manage Fail2ban jails. Run the following fail2ban-client command to verify the Fail2ban installation and configuration.

    • sudo fail2ban-client ping

If you get an output message like “Server replied: pong”, this means that Fail2ban is running without any errors. Next, run the following fail2ban-client command to check the status of the sshd jail.

    • sudo fail2ban-client status sshd

You can now use the fail2ban-client command to retrieve the detailed configuration of the sshd jail, as seen below. Examine the bantime configuration for the sshd jail. You will get the output of bantime in seconds here.

    • sudo fail2ban-client get sshd bantime

Examine the maxretry configuration of the sshd jail. The maxretry here is three, since the jail's own value overrides the global setting, which is five.

    • sudo fail2ban-client get sshd maxretry

To check the ban action of the sshd jail, you can use the command below. You should get ufw as the default action for the sshd jail.

    • sudo fail2ban-client get sshd actions

For findtime, you will likewise see the value for the sshd jail. The output here will also be in seconds.

    • sudo fail2ban-client get sshd findtime

Finally, you can use the following command to get the default ignoreip for sshd jail. You will see that ignoreip has the same value as the Fail2ban global setting.

    • sudo fail2ban-client get sshd ignoreip

James Hogan