Install Fail2ban on Ubuntu
As always, first log in to your VPS via SSH:
# ssh user@hostname
Installing Fail2ban is very simple. Just run:
user@hostname ~$ sudo apt-get update
user@hostname ~$ sudo apt-get install fail2ban
If you want Fail2ban to send mail notifications, you’ll need some kind of SMTP server such as Postfix, Exim or Sendmail. For example, you can install Postfix with the following command:
user@hostname ~$ sudo apt-get install postfix
The best practice is to duplicate the default Fail2ban configuration file and to work on a local copy, which keeps your changes safe from updates. To create a local copy (jail.local) just run:
user@hostname ~$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
After the file is copied, you should make all your changes and additions to the jail.local file.
Open up the jail.local file in your text editor of choice and let’s make some changes.
user@hostname ~$ sudo vim /etc/fail2ban/jail.local
The [DEFAULT] section:
- ignoreip: by default only 127.0.0.1 is whitelisted. You should also add your VPS and local IP addresses to the ignoreip line. Example:
ignoreip = 127.0.0.1 18.104.22.168/24 22.214.171.124
- bantime: the ban time (in seconds). You can use a negative number for a permanent ban.
- maxretry: the number of failures before an IP gets banned.
- destemail: the email address to which the alerts will be sent. You should put your own email address here.
- action: if you want to receive alerts with a whois report and the relevant log lines, change it to:
action = %(action_mwl)s
Jails are the rules which Fail2Ban applies to a given service; each jail is a combination of a filter and an action. By default only the ssh jail is enabled. You can enable additional jails according to your needs by changing
enabled = false to
enabled = true
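To see how ignoreip, maxretry and a jail's filter interact, here is an added Python sketch (not part of the original tutorial and not Fail2ban's own code) that replays constructed auth.log lines through a simplified sshd pattern. The regex, the sample log and the would_ban helper are assumptions made for illustration; findtime is a real Fail2ban option (the failure-counting window, in seconds) that this tutorial does not cover.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Simplified stand-in for an sshd failregex; the filter shipped in filter.d is more thorough.
FAILREGEX = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<host>\S+) port \d+"
)

# Constructed sample auth.log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Mar 10 10:00:01 vps sshd[811]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar 10 10:00:05 vps sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Mar 10 10:00:09 vps sshd[813]: Failed password for root from 192.0.2.10 port 51000 ssh2
Mar 10 10:00:12 vps sshd[814]: Failed password for root from 203.0.113.7 port 40003 ssh2
Mar 10 10:00:15 vps sshd[815]: Failed password for root from 192.0.2.10 port 51001 ssh2
Mar 10 10:00:18 vps sshd[816]: Failed password for root from 192.0.2.10 port 51002 ssh2
Mar 10 10:01:00 vps sshd[817]: Failed password for deploy from 198.51.100.5 port 42000 ssh2
Mar 10 10:20:00 vps sshd[818]: Failed password for deploy from 198.51.100.5 port 42001 ssh2
Mar 10 10:40:00 vps sshd[819]: Failed password for deploy from 198.51.100.5 port 42002 ssh2
"""


def would_ban(log_text, ignoreip, maxretry, findtime, year=2024):
    """Return {ip: ban time} for hosts with maxretry failures inside findtime seconds."""
    # A bare address in ignoreip matches only itself; a range needs a /mask.
    ignored = [ipaddress.ip_network(item, strict=False) for item in ignoreip.split()]
    recent, banned = defaultdict(list), {}
    for line in log_text.splitlines():
        match = FAILREGEX.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group("host"))
        except ValueError:
            continue  # host field is a name, not an IP literal
        key = str(ip)
        if key in banned or any(ip in net for net in ignored):
            continue  # already banned, or whitelisted: failures are not counted
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        recent[key] = [t for t in recent[key] if (when - t).total_seconds() <= findtime] + [when]
        if len(recent[key]) >= maxretry:
            banned[key] = when
    return banned


if __name__ == "__main__":
    print(would_ban(SAMPLE_LOG, "127.0.0.1/8 192.0.2.0/24", maxretry=3, findtime=600))
```

With these sample values only 203.0.113.7 is banned: 192.0.2.10 is covered by ignoreip, and the failures from 198.51.100.5 are too far apart to reach maxretry inside the window.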
Finally, restart the Fail2Ban service so that the changes take effect.
user@hostname ~$ sudo /etc/init.d/fail2ban restart
If you want to tweak the existing filters or add some new filters, you can find them in the /etc/fail2ban/filter.d/ directory.
For example, if you want to edit the Fail2Ban filter for the OpenSSH service, open and edit the following file:
user@hostname ~$ sudo vim /etc/fail2ban/filter.d/sshd.conf
Do not forget to restart the Fail2Ban service after you make changes to the configuration files.
That’s it. You have successfully installed Fail2Ban on Ubuntu. For more information about Fail2Ban, please refer to the Fail2Ban website.