How to Install and Set Up Fail2ban on Ubuntu (14.04) to Protect Against SSH Brute-Force Attacks

In this tutorial I am going to show you how to install Fail2Ban on your Ubuntu server and how to set up and configure the fail2ban service to protect SSH against brute-force attacks.

Fail2ban setup

Install Fail2Ban

sudo apt-get update 
sudo apt-get upgrade 
sudo apt-get install fail2ban 

This installs fail2ban for you; just wait until it finishes installing and setting things up.
Now let's configure fail2ban.

Change to the /etc/fail2ban/ directory and make a copy of the configuration file:

cd /etc/fail2ban
sudo cp jail.conf jail.local 

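By default fail2ban reads jail.conf first and then jail.local, and settings in jail.local override those in jail.conf. This means you can make changes in jail.local according to your needs, and a package update that replaces jail.conf will not overwrite them.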

sudo nano jail.local 

Now edit some of the default settings. You can manually add IP addresses to the ignored list (ignoreip).

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600
maxretry = 3
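
Added example (not part of the original tutorial and not fail2ban's own code): a small Python simulation of how the ignoreip, findtime, maxretry and bantime values above decide which hosts get banned. The log lines, the hostname web1, the assumed year and the simplified regex are constructed for illustration; fail2ban's real sshd filter is more thorough.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the [DEFAULT] section above.
IGNOREIP = ["127.0.0.1/8"]
BANTIME, FINDTIME, MAXRETRY = 600, 600, 3

# Constructed sample lines in sshd auth.log format (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:00:05 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 10:00:09 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40141 ssh2
Mar  3 10:01:00 web1 sshd[2110]: Failed password for bob from 198.51.100.20 port 51000 ssh2
Mar  3 10:08:00 web1 sshd[2120]: Failed password for bob from 198.51.100.20 port 51010 ssh2
Mar  3 10:15:00 web1 sshd[2130]: Failed password for bob from 198.51.100.20 port 51020 ssh2
Mar  3 10:20:00 web1 sshd[2140]: Failed password for root from 127.0.0.1 port 60000 ssh2
Mar  3 10:20:01 web1 sshd[2141]: Failed password for root from 127.0.0.1 port 60001 ssh2
Mar  3 10:20:02 web1 sshd[2142]: Failed password for root from 127.0.0.1 port 60002 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate_bans(log_text, year=2015):
    """Return [(ip, ban_start, ban_end)]; syslog has no year, so one is assumed."""
    ignored = [ipaddress.ip_network(n, strict=False) for n in IGNOREIP]
    recent = defaultdict(deque)        # ip -> times of failures inside findtime
    banned_until, bans = {}, []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in ignored):
            continue                   # ignoreip: never counted, never banned
        if ip in banned_until and ts < banned_until[ip]:
            continue                   # ban still active
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=FINDTIME):
            window.popleft()           # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans
```

With the sample log, only 203.0.113.7 is banned: 198.51.100.20 spreads its three failures over 14 minutes, so they never fall inside one 600-second findtime window, and 127.0.0.1 is covered by ignoreip.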

Change the destination email to your email address:

destemail = [email protected]

and finally change

action = %(action_)s 

To

action = %(action_mw)s

If you want fail2ban to protect some other services, just set enabled = true in the corresponding [SECTION_NAME] section.

If you want to configure advanced filters or log filters, take a look at

/etc/fail2ban/filter.d 

Now restart the Fail2Ban service and check the iptables rules:

sudo service fail2ban restart

See the iptables rules:

sudo iptables -L 

Some useful links :
1. Fail2Ban Homepage
2. Ubuntu Community Guide
3. Contribute On Github
