How To Install and Configure Fail2ban On Ubuntu 20.04

We can install and configure Fail2ban on Ubuntu 20.04 / 19.10. Let's see how to install Fail2ban on Ubuntu 18.04.

Fail2ban is an intrusion prevention software framework that protects the server from brute-force attacks, in which attackers repeatedly try to access the server by guessing the username and password.

First of all, update and upgrade the Ubuntu machine if you're doing this for testing purposes. Use the commands below.

sudo apt update
sudo apt upgrade -y

Once you have upgraded the system, install the fail2ban package on Ubuntu 20.04.

ubuntu@ubuntu:~$ sudo apt install fail2ban 
Reading package lists... Done
Building dependency tree 
Reading state information... Done
The following additional packages will be installed:
python3-pyinotify whois
Suggested packages:
mailx monit sqlite3 python-pyinotify-doc
The following NEW packages will be installed:
fail2ban python3-pyinotify whois
0 upgraded, 3 newly installed, 0 to remove and 13 not upgraded.
Need to get 444 kB of archives.
After this operation, 2,400 kB of additional disk space will be used.
Do you want to continue? [Y/n] y

Once the package is installed, allow SSH port 22 in the firewall rules.

ubuntu@ubuntu:~$ sudo ufw allow 22
Rule added
Rule added (v6)
ubuntu@ubuntu:~$ sudo ufw enable
Firewall is active and enabled on system startup
ubuntu@ubuntu:~$ sudo ufw status
Status: active

To                     Action                 From
--                     ------                 ----
22                     ALLOW                  Anywhere 
22 (v6)                ALLOW                  Anywhere (v6)

Configure Fail2ban on Ubuntu 20.04:

We need to configure Fail2ban for the SSH service. The configuration files are located in /etc/fail2ban/. Copy the jail.conf file to jail.local and make the changes in the copy.

cd /etc/fail2ban/
sudo cp jail.conf jail.local

Open the jail.local file to configure SSH, add the settings below, and save the file. With this ignoreip value, Fail2ban won't block the localhost address 127.0.0.1.

[DEFAULT]
ignoreip = 127.0.0.1
bantime = 3600
findtime = 600
maxretry = 3

We also need to enable SSH in the jail.local file.

[sshd]
enabled = true

If you have a specific IP that should not be blocked, whitelist it by adding it to ignoreip, then save the file.

ignoreip = 127.0.0.1 ::1 192.168.100.11

Troubleshooting:

After you configure Fail2ban with the above settings and restart the service, it may not be running or may have failed. The reason could be that default entries for the same settings already exist in the jail.local file. So you can either change the existing values or just enable SSH in the sshd section using enabled = true.

1. Use the command below to find the root cause of the service failure.

fail2ban-client -vvv -x start

2. You can also check the logs using the commands below.

vim /var/log/fail2ban.log
vim /var/log/auth.log
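
The duplicate settings described in the troubleshooting note can be located before the service is restarted. The Python script below is an added example, not code from the original post or from the Fail2ban project. It assumes the failure comes from a setting being defined twice in the same file, which Python's strict config parsing rejects; the sample jail.local content and the find_duplicates helper are constructed for illustration.

```python
import re
import sys

# Constructed sample: an abbreviated stand-in for a jail.local that was copied
# from jail.conf and then had the tutorial's settings pasted in at the end.
SAMPLE = """\
[DEFAULT]
#ignoreip = 127.0.0.1/8 ::1
bantime = 10m
findtime = 10m
maxretry = 5
[sshd]
port = ssh
# settings pasted in from the tutorial
[DEFAULT]
ignoreip = 127.0.0.1
bantime = 3600
findtime = 600
maxretry = 3
[sshd]
enabled = true
"""

SECTION = re.compile(r"^\[([^\]]+)\]")
OPTION = re.compile(r"^([^=:\s][^=:]*?)\s*[=:]")

def find_duplicates(text):
    """Return (line, section, option, first_line); option is None for a repeated header."""
    sections, options, dupes, current = {}, {}, [], None
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line[0] in "#;" or line[0].isspace():
            continue  # blank line, comment, or continuation of a long value
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            # A repeated [DEFAULT] header is tolerated; other repeated headers are not.
            if current in sections and current != "DEFAULT":
                dupes.append((no, current, None, sections[current]))
            sections.setdefault(current, no)
        elif current and (m := OPTION.match(line)):
            key = (current, m.group(1).lower())
            if key in options:
                dupes.append((no, current, key[1], options[key]))
            options.setdefault(key, no)
    return dupes

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for no, sec, opt, first in find_duplicates(text):
        print(f"line {no}: [{sec}] {opt or '(section)'} already set at line {first}")
```

Run it with the path to jail.local as the only argument; with no argument it checks the constructed sample.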

Restart the service and check the status. 

root@ubuntu:/etc/fail2ban# systemctl restart fail2ban
root@ubuntu:/etc/fail2ban# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-08-20 07:04:26 PDT; 50s ago
Docs: man:fail2ban(1)
Process: 11912 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
Main PID: 11929 (f2b/server)
Tasks: 5 (limit: 3282)
Memory: 15.1M
CGroup: /system.slice/fail2ban.service
└─11929 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

We can check the Fail2ban status using the command below. Here only 1 jail is configured.

root@ubuntu:/etc/fail2ban# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd

You can also check the status of the sshd jail, such as the number of failed attempts or the IPs blocked using Fail2ban.

root@ubuntu:/etc/fail2ban# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:

If you want to see the banned IPs recorded in the Fail2ban logs, including the rotated log files, use the command below.

sudo zgrep ' Ban ' /var/log/fail2ban.log*

That’s it.

I'm the founder of Curious Viral. I hope this blog will provide you complete information about Linux Technology & I would like to share my technical knowledge with you which I have learned during this period.
