In this tutorial I am going to show you , how to install Fail2Ban in your ubuntu server and how to setup and configure fail2ban service to protect ssh against brute force attacks.
sudo apt-get update sudo apt-get upgrade sudo apt-get install fail2ban
It will install fail2ban for you just wait until it finish installing and setting things up .
now lets configure fail2ban
now change to
/etc/fail2ban/ directory and make a copy of configuration file
cd /etc/fail2ban sudo cp jail.conf jail.local
by default jail.conf will load jail.local as configuration file , it means you can make changes in jail.local according your needs
sudo nano jail.local
now edit some default setting , you can manually add some IP to ignored IP.
[DEFAULT] # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not # ban a host which matches an address in this list. Several addresses can be # defined using space separator. ignoreip = 127.0.0.1/8 # "bantime" is the number of seconds that a host is banned. bantime = 600 # A host is banned if it has generated "maxretry" during the last "findtime" # seconds. findtime = 600 maxretry = 3
Change destination email to your email address
destemail = [email protected]
and finally change
action = %(action_)s
action = %(action_mw )s
If you want fail2ban for some other services just set
# enabled = true in “SECTION_NAME”
If you want to configure some advanced filters and configure log filters take look at
Now Restart Fail2Ban service and check IPTABLES Rules
sudo service fail2ban restart
See The Iptables Rules
sudo iptables -L