Computersnyou

How to install and setup Fail2ban in Ubuntu (14.04) To Protect Against SSH bruteforce attack

Posted on  4/29/2014

In this tutorial I am going to show you , how to install Fail2Ban in your ubuntu server and how to setup and configure fail2ban service to protect ssh against brute force attacks.

Fail2ban setup
Fail2ban setup

Install Fail2Ban

sudo apt-get update 
sudo apt-get upgrade 
sudo apt-get install fail2ban 

It will install fail2ban for you just wait until it finish installing and setting things up .
now lets configure fail2ban

now change to /etc/fail2ban/ directory and make a copy of configuration file

cd /etc/fail2ban
sudo cp jail.conf jail.local 

by default jail.conf will load jail.local as configuration file , it means you can make changes in jail.local according your needs

sudo nano jail.local 

now edit some default setting , you can manually add some IP to ignored IP.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600
maxretry = 3

Change destination email to your email address

destemail = root@localhost

and finally change

action = %(action_)s 

To

action = %(action_mw )s

If you want fail2ban for some other services just set # enabled = true in “SECTION_NAME”

If you want to configure some advanced filters and configure log filters take look at

/etc/fail2ban/filter.d 

Now Restart Fail2Ban service and check IPTABLES Rules

sudo service fail2ban restart

See The Iptables Rules

sudo iptables -L 

Some useful links :

  1. Fail2Ban Homepage
  2. Ubuntu Community Guide
  3. Contribute On Github

  • Home
  • About