
SSH – Fail To Ban

After installing Ubuntu Server, one thing you will probably need is an SSH server, so that you can connect to your Ubuntu machine from your main operating system. SSH replaces the insecure rlogin and rsh and provides encrypted communication between two hosts over a network.

Despite the security benefits that the SSH protocol provides, any service that is exposed to the Internet is at risk of malicious attacks. One common attack is brute force, which basically consists of guessing the credentials to access your server.

What is Fail2Ban?

Fail2Ban is a tool that helps protect your Linux server from brute-force attacks by monitoring service logs for malicious activity. When Fail2Ban identifies a defined number of unsuccessful login attempts, it bans the IP address of the attacker for a specific length of time. When this period expires, the IP address is removed from the ban list.

How to install Fail2Ban on Ubuntu Server?

First, confirm that you have your server updated. Then install the package fail2ban.

sudo apt update
sudo apt install fail2ban

Example 1 – Installing fail2ban on Ubuntu Server

After the installation, the fail2ban service will start automatically. However, you can check the status of the service by running the following command:

sudo service fail2ban status

Configuration

By default, Fail2ban has two configuration files, located at:

/etc/fail2ban/jail.conf
/etc/fail2ban/jail.d/defaults-debian.conf

It’s not recommended to change these files, since any package update can overwrite them. To configure fail2ban, the easiest way is to copy jail.conf to jail.local, since each .local file overrides the settings from the .conf file.

cd /etc/fail2ban
sudo cp jail.conf jail.local
sudo nano jail.local

In this configuration file you can, for example:

  • whitelist an IP address – on line 92;
  • define the duration of the ban – on line 101;
  • set up email notifications – on line 171.

After setting up your custom configuration, you will need to restart the fail2ban service. To do this, run the following command:

sudo service fail2ban restart

Conclusion

Nothing that is exposed to the Internet is safe! For this reason, security is never enough!

In this article, we’ve shown how to install and configure Fail2ban on Ubuntu Server.

This tutorial is also valid for Debian distributions. However, some commands that we’ve shown might not work on other Linux distributions that aren’t based on Debian.

For more information about this topic, you can examine the Fail2ban documentation.
