How to Install and Configure Fail2ban on Ubuntu

It is no secret that connecting your computer to the internet comes with certain threats: malware, viruses, ransomware, and brute-force attempts to access your accounts.

For instance, someone might get their hands on a MacBook remotely and hinder your experience by restarting the laptop or even putting it to sleep. The latter might seem like a stretch, but according to https://setapp.com/, controlling Mac’s sleep mode is not that difficult if you have the tools and access.

These risks are just a couple of examples, and the danger increases even more when you have to join a public network. Wi-Fi at hotels, bars, cafes, or libraries is usually free and often does not even require a password to join. Moreover, these networks usually lack any security controls of their own.

So, what are some available options to protect yourself? When it comes to general solutions, virtual private networks and antivirus software are usually the go-to picks, but certain demographics have even more available tools.

Fail2ban is a great example if you run Ubuntu. The tool scans log files for signs of attackers probing password authentication and identifies them by IP address. The offending addresses are then handed to the firewall, which keeps a list of banned IP addresses.

If you are an Ubuntu user and feel like there are too many threats online, getting Fail2ban might be exactly what you are looking for. Below, you will find instructions on how to set up the tool on your device and how to get the most out of it.

Updating Package Listing and Installing

First, make sure that your system is running Ubuntu 20.04. Fail2ban is part of the official repositories and is free.

What you want to do first is use the update command to refresh the package listing.

$ sudo apt update

After all, not running the latest Fail2ban version will likely result in some missing features and compatibility problems.

Once it has been done, we will install fail2ban.

$ sudo apt install fail2ban

It should not take too long if there are no problems with the computer's performance. Keep in mind that Fail2ban starts automatically, without any action on your part, as soon as the installation is over.

At the same time, you can still double-check to make sure that the process went okay. For that, run the command below:

$ sudo systemctl status fail2ban

and check the output. Seeing the words "active (running)" indicates that everything should be fine.

Configuring

The next step is configuring the tool. Do not think that installing and activating it on the computer is enough. No, what you want is to create a Fail2ban configuration that will be efficient and protect you from potential threats while you are using your computer.

For starters, you want to make some changes to two files—jail.conf and defaults-debian.conf. For jail.conf, copy the file to jail.local and then make your changes in the .local file, especially if you are still relatively new to Fail2ban.

Those who are more experienced with the tool may skip the copy, start from an empty .local file, and create the configuration from scratch.

Note that Fail2ban reads these files in the following order, and a setting in a later file overrides the same setting in an earlier one, so .local settings override .conf settings:

  1. /etc/fail2ban/jail.conf
  2. /etc/fail2ban/jail.d/*.conf
  3. /etc/fail2ban/jail.local
  4. /etc/fail2ban/jail.d/*.local

Before you rush into editing, keep in mind that you should not modify the .conf files directly, because they are replaced on package upgrades and a mistake might break Fail2ban. Instead, create a copy as a safety net and make your changes there rather than in the original files.

Your next step is to create a .local configuration file from the default jail.conf file. Run the command below:

$ sudo cp /etc/fail2ban/jail.{conf,local}

Then, use a text editor to modify the jail.local file. For that, enter

$ sudo nano /etc/fail2ban/jail.local

Now, let’s take a look at some examples.

  • IP ban parameters

As already mentioned, Fail2ban tracks IP addresses to block unwanted attacks. The default ban time is set to 10 minutes, which is honestly not that much, because an attacker can simply start again after 10 minutes.

Replacing the default with "bantime = 1d" would be a more appropriate approach (note that the line must not start with "#", or it is treated as a comment and ignored). In fact, you can make bans permanent by assigning a negative value, such as "bantime = -1", in the configuration file.

  • Find time parameters

The find time ("findtime = 10m" by default) is another crucial element of the whole setup. Think of it as the window of time within which consecutive failed login attempts are counted against the same IP address.

Whenever an IP address exceeds the allowed number of failed attempts within that window, it is banned immediately.

  • Max retry parameters

Finally, we have max retries, a setting that looks like this: "maxretry = 5". This element determines how many failed login attempts within the find time are allowed before Fail2ban bans the IP address.

  • Exclusions

It is important to note that you can add exclusions. If there is an IP address that you never want banned (for example, your own management host), modify the "ignoreip" line and add the address there.

Find the "ignoreip" line in the /etc/fail2ban/jail.local file and edit it to look like this: ignoreip = 83.221.122.226
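As an added example that is not part of the original article, the following Python script resolves the effective [DEFAULT] ban settings by reading the jail files in the precedence order listed above and then flags the weak values discussed in this section: a bantime still at the 10-minute default, a maxretry above the default of 5, and ignoreip entries that are not valid addresses (a typo there silently leaves your host unprotected from bans). The file names and read order are Fail2ban's own; the thresholds are assumptions chosen to match the article's advice.

```python
import configparser
import glob
import ipaddress
import os
import re

# Files in the order Fail2ban reads them; a later file overrides an earlier one.
READ_ORDER = ("jail.conf", "jail.d/*.conf", "jail.local", "jail.d/*.local")
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def load_effective_config(confdir="/etc/fail2ban"):
    """Merge the jail files in precedence order into one ConfigParser."""
    # Interpolation is off so values such as %(action_mw)s stay verbatim.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    for pattern in READ_ORDER:
        for path in sorted(glob.glob(os.path.join(confdir, pattern))):
            cp.read(path)  # keys read here silently replace earlier ones
    return cp

def to_seconds(value):
    """Convert a Fail2ban time ('10m', '1d', '1 day', '600', '-1') to seconds."""
    value = value.strip()
    if re.fullmatch(r"-?\d+", value):
        return int(value)  # bare number of seconds; negative means permanent
    m = re.fullmatch(r"(\d+)\s*([smhdw])[a-z]*", value)
    if not m:
        raise ValueError("unsupported time value: %r" % value)
    return int(m.group(1)) * _UNITS[m.group(2)]

def audit_defaults(cp):
    """Return the effective [DEFAULT] ban settings and a list of findings."""
    d = cp.defaults()
    bantime = to_seconds(d.get("bantime", "10m"))
    findtime = to_seconds(d.get("findtime", "10m"))
    maxretry = int(d.get("maxretry", "5"))
    findings = []
    if 0 <= bantime <= 600:  # assumed threshold: the 10-minute default
        findings.append("bantime is only %ds; the article suggests 1d or -1" % bantime)
    if maxretry > 5:  # assumed threshold: the default of 5
        findings.append("maxretry %d allows more guesses than the default 5" % maxretry)
    for entry in re.split(r"[\s,]+", d.get("ignoreip", "").strip()):
        if not entry:
            continue
        try:
            ipaddress.ip_network(entry, strict=False)  # single host or CIDR
        except ValueError:
            findings.append("ignoreip entry %r is not an IP or CIDR" % entry)
    return {"bantime": bantime, "findtime": findtime, "maxretry": maxretry,
            "findings": findings}
```

Run `audit_defaults(load_effective_config())` as root on the server, or point `load_effective_config` at a copy of /etc/fail2ban to review the settings offline.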

  • Email notifications

The tool can notify you via email whenever an IP address is added to the ban list. First, you will need to install a mail transfer agent on the server so it can send mail via SMTP, and then modify the default action.

To set up the feature, enter action = %(action_mw)s in the jail.local file. If you want to change the sending and receiving email addresses, use these two:

Conclusion

So there you have it. Hopefully, this short guide will be a good introduction for those interested in setting up Fail2ban on their computers.

Keep in mind that repeated login attempts are a problem that is not as easy to solve as one might think. Moreover, attackers can change their IP addresses by various means, so having a tool that reacts to these attempts automatically is bound to prove useful.
