Fail2ban is an application that blocks remote access to a machine after a configurable number of failed attempts. This behavior prevents unauthorized access by third parties.
Step 1 – Installation
sudo apt update
sudo apt install fail2ban
Step 2 – Most relevant settings
After installation, fail2ban runs with the default settings.
By default, all fail2ban configuration files are in /etc/fail2ban/.
View the original configuration file:
cat /etc/fail2ban/jail.conf
This file is divided into sections marked with [].
Changes can be made in each section or only in the [DEFAULT] section.
Create the configuration file:
sudo nano /etc/fail2ban/jail.d/ssh.conf
With the following content:
[sshd]
findtime = 600
bantime = 3600
maxretry = 3
(bantime and findtime are in seconds)
Restart the service:
sudo systemctl restart fail2ban.service
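To see how the three values in the [sshd] section interact, the following added example (not part of the original guide and not fail2ban's own code) replays constructed sshd log lines through a simplified model of the counting rule: an IP is banned for bantime seconds once it reaches maxretry failures within findtime seconds. The log lines, the IP addresses, the regular expression and the function name simulate are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values from the [sshd] section above (findtime and bantime in seconds).
FINDTIME, BANTIME, MAXRETRY = 600, 3600, 3

# Constructed sample lines in sshd auth.log style (documentation IP ranges).
SAMPLE_LOG = """\
Jan 10 10:00:00 host sshd[101]: Failed password for root from 203.0.113.5 port 40000 ssh2
Jan 10 10:02:00 host sshd[102]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jan 10 10:03:00 host sshd[103]: Failed password for invalid user bob from 198.51.100.7 port 50000 ssh2
Jan 10 10:04:00 host sshd[104]: Failed password for root from 203.0.113.5 port 40002 ssh2
Jan 10 10:20:00 host sshd[105]: Failed password for invalid user bob from 198.51.100.7 port 50001 ssh2
Jan 10 10:40:00 host sshd[106]: Failed password for invalid user bob from 198.51.100.7 port 50002 ssh2
"""

# Simplified stand-in for fail2ban's sshd filter (assumption, not the real filter).
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def simulate(log, findtime=FINDTIME, bantime=BANTIME, maxretry=MAXRETRY):
    """Return [(ip, banned_at, unbanned_at)] under a simplified sliding-window model."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned_until = {}             # ip -> epoch second at which the ban ends
    bans = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed one is assumed for the sample.
        ts = datetime.strptime("2024 " + m.group(1), "%Y %b %d %H:%M:%S").timestamp()
        ip = m.group(2)
        if banned_until.get(ip, 0) > ts:
            continue              # still banned: not counted again
        window = recent[ip]
        window.append(ts)
        while window and window[0] <= ts - findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, int(ts), int(ts + bantime)))
            window.clear()        # counting starts over after a ban
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"{ip} banned for {end - start} s")
```

With the values above only 203.0.113.5 is banned; 198.51.100.7 also fails three times, but its attempts are more than findtime apart, so the count never reaches maxretry.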
Step 3 (Optional) – Enable Email Warnings
To enable email warnings, create a new configuration file:
sudo nano /etc/fail2ban/jail.d/default.conf
With the following content:
[DEFAULT]
destemail = omeumail@omeudominio.pt
action = %(action_mw)s
For emails to be delivered, an MTA service must be installed on the server.
If none is present, you can install sendmail:
sudo apt install sendmail
sudo sendmailconfig
[ENTER]
[ENTER]
[ENTER]
Step 4 (Optional) – Clear Banned IP
Find currently banned IPs:
sudo fail2ban-client status sshd
Clear IP with:
sudo fail2ban-client set sshd unbanip 192.168.1.2
Or remove all fail2ban history:
sudo rm /var/lib/fail2ban/fail2ban.sqlite3
VERY IMPORTANT!!
Each time you change any settings you must restart the service.
For more information there is always the Ubuntu documentation:
https://help.ubuntu.com/community/Fail2ban