Installing and Configuring Fail2Ban for Ubuntu

Fail2Ban is an application that prevents dictionary attacks on your server. When Fail2Ban detects multiple failed login attempts from the same IP address, it creates temporary firewall rules that block traffic from the attacker’s IP address. Attempted logins can be monitored on a variety of protocols, including SSH, HTTP, and SMTP. By default, Fail2Ban monitors SSH only.

Install Fail2Ban by entering the following command:

sudo apt-get install fail2ban

Optionally, you can override the default Fail2Ban configuration by creating a new jail.local file.

Enter the following command to create the file:

sudo nano /etc/fail2ban/jail.local

Set the bantime variable to specify how long (in seconds) bans should last.

Set the maxretry variable to specify the default number of failed attempts allowed from an IP address before it is banned.

Press Control-x and then press y to save the changes to the Fail2Ban configuration file.

Restart Fail2Ban by using sudo service fail2ban restart.
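
As an added illustration (not part of the original article), a jail.local produced by the steps above might look like the following. The values are example choices, not recommendations from this page. The findtime and ignoreip options and the sshd jail name are assumptions beyond what the article covers; check /etc/fail2ban/jail.conf for the jail name your Fail2Ban version uses.

```ini
# /etc/fail2ban/jail.local
# Settings here override the packaged defaults in jail.conf.

[DEFAULT]
# How long a ban lasts, in seconds (example value: one hour).
bantime = 3600

# Failed attempts allowed from one IP address before it is banned (example value).
maxretry = 5

# Window, in seconds, in which the maxretry failures must occur (assumed option, example value).
findtime = 600

# Addresses that are never banned (assumed option; loopback only here).
# Add your own management address so a mistyped password cannot lock you out.
ignoreip = 127.0.0.1/8

[sshd]
# SSH jail; name assumed, some releases call it "ssh".
enabled = true
```

After restarting the service, sudo fail2ban-client status sshd shows the jail's failure count and the addresses currently banned.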

Fail2Ban is now installed and running on your server. It will monitor your log files for failed login attempts. After an IP address has exceeded the maximum number of authentication attempts, it will be blocked at the network level and the event will be logged in /var/log/fail2ban.log.