Installing and Configuring Fail2ban

The Fail2ban installation command in Ubuntu:

sudo apt-get install fail2ban

After installation, configure the configuration files located at:
/etc/fail2ban/fail2ban.conf (main)
/etc/fail2ban/jail.conf (security settings for specific services)
/etc/fail2ban/jail.local (additional file with a higher priority to configure the protection of specific services)
SSH protection is enabled by default after installation.
In the configuration there are already many ready-made settings, for example for apache2, nginx, named, pure-ftpd, proftpd, postfix, etc., which can be activated by setting “true” instead of “false”.

You can immediately specify IP that can not be blocked, for example, local networks:

ignoreip = 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

Filters for which an unsuccessful attempt to enter the password and other unwanted actions are found in the /etc/fail2ban/filter.d directory and are included naturally in the configuration file /etc/fail2ban/jail.conf and /etc/fail2ban/jail.local. And the response rules are in /etc/fail2ban/action.d.
Logs are normally written in /var/log/fail2ban.log

Viewing rules in iptables:

sudo iptables -S | grep fail2ban

View status:

sudo fail2ban-client status

To restart fail2ban, you need to type:

sudo service fail2ban restart

See also:
Configuring Fail2Ban for ProFTPd
Configuring Fail2Ban for Asterisk
Configuring Fail2Ban for Bind9

Did my article help you? How about buying me a cup of coffee as an encouragement? Buy me a coffe.

Leave a comment

Leave a Reply