Best Fail2ban Setup on Ubuntu 22.04 | Full Steps

In this guide, we want to teach you the full steps for Fail2ban Setup on Ubuntu 22.04. Fail2Ban is a commonly used Intrusion Prevention System (IPS) written in Python. With its inception as an open-source Python product in 2004, it has been a hit in the development community, and development has continued to the present.
Fail2Ban is designed to help servers of all types avoid brute-force attacks. It utilizes a variety of customizable features to accomplish this goal. You can now proceed to the following steps on the Orcacore website to start your setup.
Full Steps To Fail2ban Setup on Ubuntu 22.04
To complete this guide, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on the Initial Server Setup with Ubuntu 22.04.
1. Install and Enable Fail2ban on Ubuntu 22.04
By default, Fail2ban packages are available in the default Ubuntu 22.04 repository. First, update and upgrade your local package index:
sudo apt update && sudo apt upgrade -y
Then, use the command below to install Fail2ban:
sudo apt install fail2ban -y
Now you need to run the command below to start and enable your Fail2ban service:
sudo systemctl enable fail2ban --now
Verify your Fail2ban service is active and running on Ubuntu 22.04:
sudo systemctl status fail2ban

2. Configure Fail2ban on Ubuntu 22.04
After completing the installation, you need to do some setup and basic configuration. To do this, follow the steps below.
Fail2ban comes with two configuration files, located at /etc/fail2ban/jail.conf and /etc/fail2ban/jail.d/defaults-debian.conf.
Do not modify these files. They are the packaged originals and will be replaced by any future update to Fail2ban.
Backup Fail2ban Settings
At this point, use the following command to create a copy of the configuration file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Then, verify that the jail.local file exists within /etc/fail2ban/ directory:
ls /etc/fail2ban/jail.local
Output
/etc/fail2ban/jail.local
Make Configuration changes at the jail.local file
At this point, open the local configuration file with your favorite text editor. Here we use vi:
sudo vi /etc/fail2ban/jail.local
IP addresses, IP ranges, or hosts that you want to exclude from banning can be added to the ignoreip directive.
At this point, you should add your local PC IP address and all other machines that you want to whitelist.
Find the “ignoreip” line and uncomment it by removing the hashtag from it and adding your IP addresses separated by a space:
ignoreip = 127.0.0.1/8 ::1 123.123.123.123 192.168.1.0/24
At this point, find the “bantime” line, the duration for which the IP is banned; by default, it is set to 10m. You can change the value to your liking:
bantime = 1d
To permanently ban the IP, you can use a negative number.
The findtime is the time window in which failures are counted: an IP is banned when it reaches the maxretry number of failures within this period.
The maxretry is the number of failures before an IP is banned. The default value is set to five, which should be fine for most users.
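To see how ignoreip, findtime, maxretry and bantime interact, the following added example (not part of the original guide and not Fail2ban's own code) models the ban decision over constructed sshd log lines for three traffic patterns. The findtime value, the year, the host name web1 and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values mirror the jail.local directives above; findtime is an assumed value.
IGNOREIP = "127.0.0.1/8 ::1 192.168.1.0/24"
BANTIME = timedelta(days=1)
FINDTIME = timedelta(minutes=10)
MAXRETRY = 5

LINE_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def sample_log():
    """Constructed sshd lines (not real traffic): (ip, seconds between tries, tries)."""
    start = datetime(2024, 1, 10, 10, 0, 0)
    plan = [("203.0.113.7", 30, 5), ("198.51.100.9", 180, 5), ("192.168.1.50", 5, 6)]
    events = sorted((start + timedelta(seconds=gap * i), ip)
                    for ip, gap, tries in plan for i in range(tries))
    return [f"{ts:%b %d %H:%M:%S} web1 sshd[4242]: Failed password for root "
            f"from {ip} port 50000 ssh2" for ts, ip in events]

def simulate(lines, year=2024):
    """Return [(ip, banned_at, banned_until)] for the given log lines."""
    # strict=False accepts entries with host bits set, such as 127.0.0.1/8
    ignored = [ipaddress.ip_network(n, strict=False) for n in IGNOREIP.split()]
    failures, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in ignored):    # ignoreip: never counted
            continue
        if banned_until.get(ip, when) > when:    # already banned
            continue
        window = failures[ip]
        window.append(when)
        while when - window[0] > FINDTIME:       # drop failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:              # maxretry reached inside findtime
            banned_until[ip] = when + BANTIME
            bans.append((str(ip), when, when + BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, at, until in simulate(sample_log()):
        print(f"ban {ip} at {at} until {until}")
```

Only 203.0.113.7 is banned: 198.51.100.9 never accumulates five failures inside one findtime window, and 192.168.1.50 is covered by ignoreip.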
Fail2ban can send email alerts when an IP has been banned on Ubuntu 22.04.
To receive email messages, you need to have an SMTP server installed on your server and change the default action, which only bans the IP, to this:
action = %(action_mw)s
If you want to receive the relevant logs too, you should set this to:
action = %(action_mwl)s
Also, you can adjust the sending and receiving email addresses:
destemail = admin@orcacore.com
sender = root@orcacore.com
3. Configure Fail2ban jails on Ubuntu 22.04
In this section of the Fail2ban setup on Ubuntu 22.04, we want to talk about Jails. Fail2ban uses the concept of jails. A jail describes a service and includes filters and actions.
By default, only the SSH jail is enabled.
You can also create your own jail configurations. To enable a jail, you need to add enabled = true after the jail title.
For example, to enable the postfix jail, you can do this:
[postfix]
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
When you are done, save and close the file.
Finally, restart Fail2ban on Ubuntu 22.04 with the following command to apply these changes:
sudo systemctl restart fail2ban
Let’s see how to use Fail2ban.
4. How To Use Fail2ban? Fail2ban Client
Fail2ban comes with a command-line tool named fail2ban-client. You can use this command to interact with the Fail2ban service.
You can list all available options with the following command:
fail2ban-client -h

This tool can be used to ban/unban IP addresses, change settings, restart the service, and more. Here are a few examples:
To check the status of a jail, you can use the following command:
sudo fail2ban-client status sshd
Also, you can unban an IP with the following command:
sudo fail2ban-client set sshd unbanip 23.34.45.56
To ban an IP, you can use the following command:
sudo fail2ban-client set sshd banip 23.34.45.56
5. Uninstall Fail2ban From Ubuntu 22.04
If you don’t want to use Fail2ban anymore, you can easily disable it with the command below:
sudo systemctl disable fail2ban --now
Then, remove Fail2ban with the command below:
sudo apt autoremove fail2ban --purge -y
Conclusion
At this point, you have learned to install and configure Fail2ban on Ubuntu 22.04. Fail2ban helps protect against brute-force attacks by monitoring log files and automatically banning IPs that show malicious behavior. With minimal setup, Fail2Ban adds a valuable layer of defense to your system.