Are you confused about whether you need to install fail2ban on Ubuntu?
When a large number of failed authentication attempts occur, fail2ban blocks the IP address from which the failed attempts originated.
Here at Bobcares, we help web hosts and online service providers install fail2ban as part of our Server Management Services.
Today we’ll take a look at how to install fail2ban on Ubuntu.
Why is Fail2ban important to install?
Have you ever seen a message like this after logging into your server?
Last failed login: Mon Sep 15 11:37:02 MST 2020 from X.X.X.X on ssh:notty
There were 1048 failed login attempts since the last successful login.
Last login: Mon sep 15 13:35:57 2020 from X.X.X.X
This indicates that the server is under a “brute force” attack, because 1048 failed login attempts were made against the server via SSH.
In this case, an attacker guesses passwords repeatedly and randomly until they get the correct one. Brute force attacks are mostly used for cracking passwords and cracking encryption keys.
Therefore, it is important to use a strong server password that cannot be predicted by others.
Luckily, Fail2ban is a log-parsing application that helps to block the attempts it detects. It adds a new rule to iptables to block the IP address of the hacker. Also, Fail2ban’s primary focus is on SSH attacks.
How to Install and Configure Fail2ban on Ubuntu
Now let’s look into the process of installing Fail2ban on Ubuntu.
Root privileges are required to run these commands on the server. So, we log in as root or prefix these commands with sudo.
1. Initially, we run the following two commands to install the program:
apt-get update
apt-get install fail2ban -y
2. Next, we start the service so that it is running.
service fail2ban restart
3. Finally, we check to make sure Fail2ban is running after the restart:
service fail2ban status
Next, we configure Fail2ban to define custom rules for which services it protects and how it handles invalid attempts.
4. Firstly, we create a configuration file for Fail2ban, which does not exist by default:
touch /etc/fail2ban/jail.local
vi /etc/fail2ban/jail.local
5. Paste the following parameters into the file, and save the file.
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
bantime = 3600
findtime = 600
maxretry = 5
[sshd]
enabled = true
- ignoreip:- 127.0.0.1/8 and ::1 are the IPv4 and IPv6 addresses for localhost, respectively. Fail2ban never bans the addresses listed here.
- bantime, findtime and maxretry:- If any IP address makes 5 failed login attempts {maxretry = 5} within 10 minutes {findtime = 600}, it is banned for one hour {bantime = 3600}.
- Finally, we enable the jail for sshd.
Setting a ban time of -1 will result in a permanent ban on that IP address.
6. Then, we restart Fail2ban.
service fail2ban restart
That’s it.
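To see how maxretry, findtime and bantime from step 5 interact, here is a simplified Python model of the ban decision, run over constructed sshd log lines. It is an added example, not Fail2ban's own code; the regex, the find_bans and make_line helpers and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the jail.local in step 5.
MAXRETRY, FINDTIME, BANTIME = 5, 600, 3600
IGNORED = {"127.0.0.1", "::1"}  # simplified: exact match only, no CIDR ranges

# Simplified failure pattern: an assumption, not Fail2ban's own sshd filter.
FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_bans(lines, year=2020):
    """Return [(ip, banned_at, unbanned_at)]; syslog lines carry no year."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    banned_until = {}              # ip -> time the current ban ends
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in IGNORED or banned_until.get(ip, ts) > ts:
            continue  # ignoreip entry, or the address is still banned
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = end = ts + timedelta(seconds=BANTIME)
            bans.append((ip, ts, end))
            window.clear()
    return bans

def make_line(clock, ip):  # hypothetical helper: one constructed log line
    return (f"Sep 15 {clock} host sshd[4242]: "
            f"Failed password for root from {ip} port 50022 ssh2")

SAMPLE = (  # constructed input using documentation addresses
    [make_line(f"11:3{i}:02", "203.0.113.7") for i in range(5)]     # 5 in 4 min
    + [make_line(f"1{i}:00:00", "198.51.100.9") for i in range(5)]  # 5 in 4 hours
    + [make_line("11:40:00", "127.0.0.1")] * 6                      # ignoreip
)

for ip, start, end in find_bans(SAMPLE):
    print(f"ban {ip} at {start}, unban at {end}")
```

Only the first address is banned: the second never reaches 5 failures inside one 10-minute window, and localhost is skipped because of ignoreip.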
How we fixed an error related to installing Fail2ban on Ubuntu
Now let’s see the reasons for this error and how our Support Engineers resolve it for our customers.
Typo in the configuration file:- If Fail2ban does not start successfully after creating the configuration file, there may be a typo in the configuration file /etc/fail2ban/jail.local. So, our Support Engineers check the file contents and correct the mistake. Then, they try again.
Conclusion
In short, Fail2ban helps to protect all kinds of services, such as sshd and httpd. Therefore, it improves the server’s security. Today, we saw how our Support Engineers install fail2ban on Ubuntu.