Install and Configure Fail2Ban on Ubuntu 23.10/CentOS 8/Linux Server

In this chapter, you will learn

  1. What is Fail2Ban utility?
  2. How to Install Fail2Ban on Ubuntu 23.10/CentOS 8?
  3. How to Configure Fail2Ban for Linux server?

Introduction to Fail2Ban

Fail2ban is a free and open-source software for Linux-based systems that protects Ubuntu, CentOS, and other Linux distributions from brute-force attacks, failed login attempts, and other suspicious activities.

Fail2ban monitors system-generated log files such as SSH logs, Apache logs, and all other log files, analyzing them for suspicious activity. If it detects something suspicious, such as several failed login attempts, it instantly blocks the connection, thus protecting the server.

Installation

Ubuntu

Step 1: Update Ubuntu Server
sudo apt update && sudo apt upgrade
Step 2: Install Fail2Ban
sudo apt install fail2ban

CentOS

sudo yum install epel-release
sudo yum install fail2ban

Configure Fail2Ban

After installing Fail2Ban, it's time to configure it to ensure proper functionality.

Step 1: Create a copy of the Fail2Ban configuration file.

The configuration file for Fail2Ban is located at /etc/fail2ban/jail.conf. You should create a copy of this configuration file named /etc/fail2ban/local.conf. Avoid editing the jail.conf file, as it will reset during future updates. Fail2Ban reads the local.conf file effectively.

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Step 2: Edit the local.conf file.
sudo vi /etc/fail2ban/jail.local
Step 3: Add the following line for basic configuration.
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 600
bantime = 3600

Activate Fail2Ban

After completing the configuration, you should enable and start the Fail2Ban as follows:

Enable Fail2Ban

sudo systemctl enable fail2ban

Start Fail2Ban

sudo systemctl start fail2ban

Restart Fail2Ban

sudo systemctl restart fail2ban

Check Status

To check the Fail2Ban status and banned IP, use the following command.

sudo fail2ban-client status

In addition to these configurations, there are numerous other options available that can be used to enhance server security. You should consult the Fail2Ban documentation for further details.

Summary

Fail2Ban is essential security software for any Linux-based system. To safeguard your SSH server from malicious users, it's imperative to install and configure Fail2Ban on your Ubuntu or CentOS server.




Print