We can install and configure Fail2ban on Ubuntu 20.04/19.10. Let’s see how to install Fail2ban on Ubuntu 18.04.
Fail2ban is an intrusion prevention software framework that protects the server from brute-force attacks, in which attackers repeatedly try to access the server by guessing the username and password.
How To Install and Configure Fail2ban On Ubuntu 20.04
First of all, update and upgrade the Ubuntu machine if you’re doing this for testing purposes. Use the commands below.
sudo apt update
sudo apt upgrade -y
Once you have upgraded the system, install the fail2ban package on Ubuntu 20.04.
ubuntu@ubuntu:~$ sudo apt install fail2ban
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  python3-pyinotify whois
Suggested packages:
  mailx monit sqlite3 python-pyinotify-doc
The following NEW packages will be installed:
  fail2ban python3-pyinotify whois
0 upgraded, 3 newly installed, 0 to remove and 13 not upgraded.
Need to get 444 kB of archives.
After this operation, 2,400 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
When the package is installed, allow SSH port 22 in the firewall rules.
ubuntu@ubuntu:~$ sudo ufw allow 22
Rule added
Rule added (v6)
ubuntu@ubuntu:~$ sudo ufw enable
Firewall is active and enabled on system startup
ubuntu@ubuntu:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
Configure Fail2ban on Ubuntu 20.04:
We need to configure Fail2ban for the SSH service. The configuration files are located in /etc/fail2ban/. Take a copy of jail.conf as jail.local and make the changes in the copy.
cd /etc/fail2ban/
sudo cp jail.conf jail.local
Open the jail.local file to configure SSH, add the settings below, and then save the file. With this ignoreip setting, Fail2ban won’t block the localhost address 127.0.0.1.
[DEFAULT]
ignoreip = 127.0.0.1
bantime = 3600
findtime = 600
maxretry = 3
We also need to enable SSH in the jail.local file.
[sshd]
enabled = true
If you have a specific IP that you need to whitelist, add it to ignoreip and save the file.
ignoreip = 127.0.0.1 ::1 192.168.100.11
Once you have configured Fail2ban with the above settings and restarted the service, you may find that it is not running or has failed. The reason could be that default rules with the above settings already exist in the jail.local file. So, you can either change the existing values or just enable SSH in the sshd section using enabled = true.
1. Use the command below to find the root cause of the service failure.
fail2ban-client -vvv -x start
2. You can also check the logs using the below commands.
vim /var/log/fail2ban.log
vim /var/log/auth.log
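One way to spot the duplicate entries described above before restarting the service, as an added example that is not part of the original tutorial. The function names and the sample file are constructed for illustration, and the check assumes the failure comes from a repeated section header or a repeated option inside one section.

```shell
#!/bin/sh
# Added example: list repeated [section] headers and repeated options
# in a Fail2ban jail file. Prints nothing when the file is clean.
jail_duplicates() {
    awk '
        /^[ \t]*$/     { next }            # blank line
        /^[ \t]*[#;]/  { next }            # comment
        /^[ \t]/       { next }            # indented continuation of a value
        /^\[[^]]+\]/ {                     # section header
            section = $0
            sub(/^\[/, "", section); sub(/\].*$/, "", section)
            if (seen[section]++)
                printf "line %d: duplicate section [%s]\n", NR, section
            next
        }
        /=/ {                              # option = value
            key = $0
            sub(/[ \t]*=.*$/, "", key)
            key = tolower(key)             # compare option names case-insensitively
            if (opts[section, key]++)
                printf "line %d: duplicate option %s in [%s]\n", NR, key, section
        }
    ' "$1"
}

# Constructed sample: a jail.local where the settings from this page were
# pasted into a copy that already defines them.
sample_jail_local() {
    cat <<'EOF'
[DEFAULT]
# constructed copy of the stock defaults
#ignoreip = 127.0.0.1/8 ::1
bantime = 10m
findtime = 10m
maxretry = 5
bantime = 3600

[sshd]
port = ssh

[sshd]
enabled = true
EOF
}

tmp=$(mktemp)
sample_jail_local > "$tmp"
jail_duplicates "$tmp"
rm -f "$tmp"
```

On a real system, call `jail_duplicates /etc/fail2ban/jail.local` and remove or merge each reported line before restarting Fail2ban.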
Restart the service and check the status.
root@ubuntu:/etc/fail2ban# systemctl restart fail2ban
root@ubuntu:/etc/fail2ban# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2020-08-20 07:04:26 PDT; 50s ago
       Docs: man:fail2ban(1)
    Process: 11912 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
   Main PID: 11929 (f2b/server)
      Tasks: 5 (limit: 3282)
     Memory: 15.1M
     CGroup: /system.slice/fail2ban.service
             └─11929 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
We can check the Fail2ban status using the command below. Here, only 1 jail is configured.
root@ubuntu:/etc/fail2ban# fail2ban-client status
Status
|- Number of jail:      1
`- Jail list:   sshd
You can also check the status of the sshd jail, such as the number of failed attempts and the IPs blocked using Fail2ban.
root@ubuntu:/etc/fail2ban# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     0
   `- Banned IP list:
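If you want to see the banned IPs, use the command below. Fail2ban logs each ban as the word "Ban" followed by the IP address, so search for that string across the current and rotated logs.
sudo zgrep 'Ban ' /var/log/fail2ban.log*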