
Using Fail2Ban on Linux

Use your package manager of choice to install fail2ban. In my case, since I'm using Ubuntu:

sudo apt install fail2ban

There are two main configuration files in Fail2Ban:

  • /etc/fail2ban/fail2ban.conf

This is the configuration file for the operational settings of the Fail2Ban daemon itself: loglevel, logtarget (the log file), socket and pidfile are defined here. It has nothing to do with what gets banned.

  • /etc/fail2ban/jail.conf

This is the file where the jails are configured: default ban time, the observation window and the number of retries within it before an IP is banned, whitelisted IPs (ignoreip), mail sending information, and which jails (sshd, nginx-http-auth, ...) are enabled.

Start by creating local override files. Fail2Ban reads each .conf file first and then applies the matching .local file on top of it, so a .local file only needs to contain the keys you actually want to change. Copying the full files, as below, works too, but every key is then duplicated locally and later package updates to the .conf defaults no longer take effect for those keys:

cd /etc/fail2ban &&
cp jail.conf jail.local &&
cp fail2ban.conf fail2ban.local

Edit the .local files as you like. Leave the .conf files alone: they are replaced on package upgrade, and the .local files take precedence anyway.

jail.local

Keys must sit under a section header ([DEFAULT] applies to every jail), and time values take the suffixes s, m, h, d. Note that 24m means 24 minutes; an observation window of a whole day is 24h or 1d. Keep comments on their own lines rather than after a value.

[DEFAULT]
bantime  = 30m
# Observation window for maxretry: an entire day
findtime = 1d
maxretry = 5

On Ubuntu the sshd jail is already enabled by /etc/fail2ban/jail.d/defaults-debian.conf; other jails are enabled by adding enabled = true to their section.

fail2ban.local

The defaults (loglevel = INFO, logtarget = /var/log/fail2ban.log) are fine for a basic setup, so this file can stay unchanged.

Start the service with:

sudo systemctl start fail2ban

If it comes up without errors (check with sudo systemctl status fail2ban), set it to start at boot with:

sudo systemctl enable fail2ban

You can follow the log with the command below. Filter matches are logged at INFO level as "Found <ip>", bans and unbans at NOTICE level as "[jail] Ban <ip>" and "[jail] Unban <ip>":

sudo tail -f /var/log/fail2ban.log
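The Ban/Unban lines make the log easy to mine. As an added example (not from the original page), this POSIX shell script replays constructed fail2ban.log lines through two small awk functions: one recovers which IPs are still banned in a jail (the answer fail2ban-client status gives, but usable on an archived or shipped log), the other counts how often each IP has been banned, which is how you spot candidates for a recidive jail. The log lines are made up but follow the real format, including the "Restore Ban" entries fail2ban writes when it re-applies bans after a restart.

```shell
#!/bin/sh
# Added example, not from the original page: mine fail2ban.log for ban state.

# Constructed sample of fail2ban.log lines (real format, fictional IPs).
SAMPLE_LOG='2023-12-01 09:00:00,000 fail2ban.actions        [1234]: NOTICE  [sshd] Restore Ban 192.0.2.9
2023-12-01 10:01:12,345 fail2ban.filter         [1234]: INFO    [sshd] Found 203.0.113.10 - 2023-12-01 10:01:12
2023-12-01 10:02:00,100 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 203.0.113.10
2023-12-01 10:05:00,100 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 198.51.100.7
2023-12-01 10:32:00,100 fail2ban.actions        [1234]: NOTICE  [sshd] Unban 203.0.113.10
2023-12-01 10:35:00,100 fail2ban.actions        [1234]: NOTICE  [sshd] Unban 198.51.100.7
2023-12-01 10:50:00,100 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 203.0.113.10
2023-12-01 11:00:00,100 fail2ban.actions        [1234]: NOTICE  [nginx-http-auth] Ban 192.0.2.55'

# currently_banned <jail>: read log lines on stdin, print (sorted) the IPs whose
# most recent action in that jail was a Ban. "Found" lines are ignored; a
# "Restore Ban <ip>" written after a restart counts as a ban.
currently_banned() {
    awk -v jail="[$1]" '
        {
            for (i = 1; i < NF; i++) if ($i == jail) {
                act = $(i + 1); ip = $(i + 2)
                if (act == "Restore") { act = $(i + 2); ip = $(i + 3) }
                if (act == "Ban") banned[ip] = 1
                else if (act == "Unban") delete banned[ip]
                break
            }
        }
        END { for (ip in banned) print ip }
    ' | sort
}

# ban_counts: read log lines on stdin, print "<count> <ip>" for every IP that
# was freshly banned (Restore Ban excluded), most-banned first. Repeat
# offenders across jails are the usual input for a recidive jail.
ban_counts() {
    awk '
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^\[.+\]$/ && $(i + 1) == "Ban") n[$(i + 2)]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr
}

# Demo run over the constructed sample; point the functions at the real file
# with: sudo cat /var/log/fail2ban.log | currently_banned sshd
echo "currently banned in sshd:"
printf '%s\n' "$SAMPLE_LOG" | currently_banned sshd
echo "ban counts per IP:"
printf '%s\n' "$SAMPLE_LOG" | ban_counts
```

On the sample, 203.0.113.10 was banned, unbanned, and banned again, so it is both currently banned and the top repeat offender, while 198.51.100.7 was unbanned after its bantime expired and no longer appears in the banned list.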

List the active jails with sudo fail2ban-client status, then see the banned IPs of one jail with:

sudo fail2ban-client status <jail-name>

Unban an IP with:

sudo fail2ban-client set <jail-name> unbanip <ip-address>

Whitelist an IP at runtime with:

sudo fail2ban-client set <jail-name> addignoreip <ip-address>

Changes made through fail2ban-client set are not persisted: they are lost on the next restart or reload. To whitelist an address permanently, add it to ignoreip in jail.local (under [DEFAULT] for all jails) and reload with sudo fail2ban-client reload.
Last modified: 2023/12/01 12:07