If you work in the IT networking sector, odds are you’re managing the data and information of your company, and it is your job to protect the servers holding private and important information from security breaches. Fail2ban is a good tool for that job, in particular against brute-force login attempts. The program scans your server’s logs for unusual records, such as repeated failed logins. When an IP address is found to be behind such activity, Fail2ban bans it by adding blocking rules to iptables, which prevents that address from reaching the server. Given the extra layer of security it provides, it’s no surprise that you’d want to learn how to install Fail2ban on Ubuntu. This guide covers all the necessary steps to get it protecting your servers. Now that the introduction is out of the way, let’s begin!
Step 1: Updating Your Linux Kernel.
Before we install Fail2ban, it’s necessary to update the system so that we don’t run into problems during the installation. To do that, we use the apt-get update and apt-get upgrade commands. It should be noted that we’re using Ubuntu 20.04 LTS in this guide; however, the steps are the same regardless of the version you’re using. Run the following to update your system:

$ sudo apt-get update
$ sudo apt-get upgrade

The first command refreshes the information of your repositories so that it includes the latest package versions, and the second installs those upgrades. With the steps followed correctly, your system is up to date. Now, you are ready to install Fail2ban.
Step 2: Installing Fail2ban on Ubuntu.
Now that you have updated your system, the next step is to install Fail2ban. For that we use apt-get install with the fail2ban package:

$ sudo apt-get install fail2ban

You should get an output as shown in the image below. If you followed the steps correctly, then congratulations! You have learned how to install Fail2ban on Ubuntu 20.04 LTS. All that’s left now is to learn how to configure it.
Step 3: Configuring Fail2ban on Ubuntu.
With Fail2ban installed on your system, the next step is to configure it so that the service runs without issues. This section gives a brief overview of the features available in Fail2ban; for a more in-depth overview, head over to the official Fail2ban website.

Start by enabling and starting the Fail2ban service from the command terminal. Once the service is running, proceed to create a jail. Fail2ban reads its jail definitions from the jail.conf file (under /etc/fail2ban), which you can open to look through. However, editing that file isn’t recommended, because your changes can be overwritten and lost the next time the package is upgraded. To avoid that, make a copy of the original file under the name jail.local in the same directory and edit the copy as needed: Fail2ban reads jail.conf first and then jail.local, so any setting in jail.local overrides the packaged default.

Once that’s done, open jail.local in the text editor of your choice; for this guide, we’ll be using Vim. You should see a number of options, with comments that explain what each setting does. The jail.local file has a lot of options and features that can be edited to your liking. Explaining each and every one would be information overload, which is why we’ll only cover the terms that everyone should know. If you’d like an in-depth view, head over to the Fail2ban manual.
Understanding Ban and IP Settings.
Out of all the features, understanding the IP and ban settings will give you an edge in learning to use Fail2ban. These options live in the jail.local file. Starting with the ignoreip option: it lets you exempt a single IP address, a range of IPs, or a whole subnet from ever being banned, and several entries can be listed after ignoreip = separated by commas and/or spaces. The settings for bans fall under the following categories:
Findtime is the window within which failed login attempts are counted; the default is 10 minutes. This means that if the failed attempts from an IP hit the maxretry limit within 10 minutes while trying an SSH login, that IP is banned.

Bantime is the length of time for which a banned IP address is prevented from connecting to the server. Like findtime, it defaults to 10 minutes, but the value can be changed to your liking.

Maxretry is the number of failed attempts allowed before access is denied to the IP address. The default value is 5, but it can be changed to your liking. Most people like using 3, as it is a de-facto standard.
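The following script is an added example, not code from the original guide or from the Fail2ban project. It models two things discussed above: how jail.local overrides jail.conf (both files are read into one parser, the .local file last), and how ignoreip, findtime, maxretry and bantime combine into a ban decision. The jail.conf and jail.local texts, the hostname and the auth.log lines are constructed for the example (addresses come from documentation ranges), and the sliding-window counting is a simplified model of Fail2ban’s behaviour, not its source code.

```python
# Added example (not the guide's or Fail2ban's code): config layering and the
# findtime / maxretry / bantime / ignoreip ban decision over constructed log lines.
import configparser
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed stand-in for the packaged jail.conf: defaults only.
JAIL_CONF = """
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
bantime  = 10m
findtime = 10m
maxretry = 5
[sshd]
port = ssh
"""

# Constructed jail.local: the admin's overrides, kept out of jail.conf so a
# package upgrade cannot overwrite them. Entries may be comma- or space-separated.
JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1/8, ::1, 10.0.0.0/8
maxretry = 3
[sshd]
enabled = true
"""

# Constructed auth.log excerpt (hostname web1 is made up).
SAMPLE_LOG = """\
Mar 10 12:00:00 web1 sshd[2210]: Failed password for root from 198.51.100.4 port 51000 ssh2
Mar 10 12:00:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar 10 12:00:05 web1 sshd[2212]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Mar 10 12:00:06 web1 sshd[2213]: Failed password for deploy from 10.0.0.5 port 33001 ssh2
Mar 10 12:00:07 web1 sshd[2214]: Failed password for deploy from 10.0.0.5 port 33002 ssh2
Mar 10 12:00:08 web1 sshd[2215]: Failed password for deploy from 10.0.0.5 port 33003 ssh2
Mar 10 12:00:09 web1 sshd[2216]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Mar 10 12:20:00 web1 sshd[2217]: Failed password for root from 198.51.100.4 port 51001 ssh2
Mar 10 12:40:00 web1 sshd[2218]: Failed password for root from 198.51.100.4 port 51002 ssh2
"""

_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}
_LOG_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+"
)


def parse_duration(value):
    """Convert a Fail2ban-style duration ('600', '10m', '1h') to seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([smhd]?)\s*", value)
    if not m:
        raise ValueError(f"unsupported duration: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def load_jail(name, conf_text=JAIL_CONF, local_text=JAIL_LOCAL):
    """Read jail.conf, then jail.local, into one parser: keys read later win."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    cp.read_string(local_text)  # overrides anything jail.conf set
    sec = cp[name]               # [sshd] falls back to [DEFAULT] for unset keys
    return {
        "enabled": sec.getboolean("enabled", fallback=False),
        "findtime": parse_duration(sec["findtime"]),
        "bantime": parse_duration(sec["bantime"]),
        "maxretry": sec.getint("maxretry"),
        "ignoreip": [ipaddress.ip_network(n, strict=False)
                     for n in re.split(r"[,\s]+", sec["ignoreip"].strip())],
    }


def is_ignored(ip, ignore_nets):
    """True when the address falls inside any ignoreip entry (v4/v6 aware)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ignore_nets)


def parse_log(text):
    """sshd failure lines -> (seconds, source_ip) events, oldest first.
    Syslog lines carry no year, so seconds count from strptime's default year."""
    events = []
    for line in text.splitlines():
        m = _LOG_RE.match(line)
        if m:
            dt = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
            events.append(((dt - datetime(1900, 1, 1)).total_seconds(), m.group(2)))
    return sorted(events)


def decide_bans(events, settings):
    """Sliding-window model: an IP is banned once it has maxretry failures
    inside a single findtime window. Returns {ip: (ban_start, ban_end)}."""
    recent = defaultdict(list)
    bans = {}
    for ts, ip in events:
        if ip in bans or is_ignored(ip, settings["ignoreip"]):
            continue
        recent[ip] = [t for t in recent[ip] if ts - t < settings["findtime"]] + [ts]
        if len(recent[ip]) >= settings["maxretry"]:
            bans[ip] = (ts, ts + settings["bantime"])
    return bans


def run_demo():
    """Apply the constructed sshd jail to the constructed log; return the bans."""
    return decide_bans(parse_log(SAMPLE_LOG), load_jail("sshd"))


if __name__ == "__main__":
    for ip, (start, end) in run_demo().items():
        print(f"{ip} banned for {int(end - start)} seconds")
```

Running it shows the three cases side by side: 203.0.113.7 reaches maxretry = 3 (the jail.local override of the packaged 5) inside the 10-minute findtime and is banned for bantime, 198.51.100.4 spaces its failures 20 minutes apart and never has three in one window, and 10.0.0.5 is never counted because it falls inside the 10.0.0.0/8 range listed in ignoreip.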
While on the topic of server management, it is worth noting that managing server traffic is just as important. If the bandwidth of a single network interface proves insufficient, you can join multiple interfaces through a process known as network bonding, which gives your hosting more throughput and redundancy. We hope this guide helped you learn how to install Fail2ban on Ubuntu. If we missed something, or if you have any suggestions on how to improve our guides, let us know in the comment section.