Installing and Configuring Fail2ban

In this article, I will provide an example of how to install and configure Fail2ban.

The Fail2ban installation command in Ubuntu:

sudo apt-get install fail2ban

After installation, edit the configuration files located at:
/etc/fail2ban/fail2ban.conf (main)
/etc/fail2ban/jail.conf (security settings for specific services)
/etc/fail2ban/jail.local (additional file with a higher priority to configure the protection of specific services)
SSH protection is enabled by default after installation.
The configuration already contains many ready-made settings, for example for apache2, nginx, named, pure-ftpd, proftpd, postfix, etc., which can be activated by setting “true” instead of “false”.

You can immediately specify IP addresses and networks that should never be blocked, for example local ones, and increase the blocking time to 30 days:

ignoreip = 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
bantime = 30d
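
A quick way to check what these two settings mean in practice, as an added example (not part of the original article and not Fail2ban's own code): it reads a constructed jail.local text, converts bantime to seconds, and tests whether a given address falls inside ignoreip. The function names are hypothetical, and only plain seconds and the suffixes s, m, h, d, w are assumed for bantime.

```python
import configparser
import ipaddress
import re

# Constructed sample: the two settings above as a [DEFAULT] section of jail.local.
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
bantime = 30d
"""

# Assumption: only plain seconds and the single suffixes s, m, h, d, w are handled.
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def bantime_seconds(value):
    """Convert a bantime such as '600' or '30d' to seconds."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.strip())
    if not m:
        raise ValueError(f"unsupported bantime value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]


def parse_ignoreip(value):
    """Return the networks listed in ignoreip (host names are not handled)."""
    # strict=False: '127.0.0.1/8' has host bits set and is read as 127.0.0.0/8.
    return [ipaddress.ip_network(e, strict=False)
            for e in re.split(r"[\s,]+", value.strip()) if e]


def is_exempt(addr, nets):
    """True if addr falls inside an ignoreip network, i.e. it will never be banned."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in nets)


def review(jail_local_text):
    """Summarise the ban policy in the [DEFAULT] section of a jail.local text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(jail_local_text)
    nets = parse_ignoreip(cp["DEFAULT"].get("ignoreip", ""))
    return {
        "bantime_s": bantime_seconds(cp["DEFAULT"]["bantime"]),
        "ignored": [str(n) for n in nets],
        # Publicly routable entries can never be banned and deserve a second look.
        "public_ignored": [str(n) for n in nets if not n.is_private],
    }


if __name__ == "__main__":
    print(review(SAMPLE_JAIL_LOCAL))
```

With the values from this article, every address in the listed private ranges is exempt from banning, so failed logins coming from inside the local network will never trigger a block.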

The filters that detect unsuccessful password attempts and other unwanted actions are located in the /etc/fail2ban/filter.d directory and are referenced from the configuration files /etc/fail2ban/jail.conf and /etc/fail2ban/jail.local. The response rules are in /etc/fail2ban/action.d.
Logs are normally written to /var/log/fail2ban.log

Viewing rules in iptables:

sudo iptables -S | grep fail2ban
sudo iptables -nvL
sudo ip6tables -nvL

View status:

sudo fail2ban-client status
sudo fail2ban-client status sshd
sudo fail2ban-client status roundcube
sudo fail2ban-client status postfix
sudo fail2ban-client status dovecot
sudo fail2ban-client status proftpd

To restart fail2ban, you need to type:

sudo service fail2ban restart

An example of unblocking an IP address (or you can manually delete a rule in iptables):

sudo fail2ban-client set sshd unbanip "IP"

An example of unblocking all IP addresses:

sudo fail2ban-client unban --all
