Using Fail2Ban on Linux
Install Fail2Ban
Use your package manager of choice to install fail2ban. In my case, since I'm using Ubuntu:
sudo apt install fail2ban
Configure Fail2Ban
There are two main configuration files in Fail2Ban:
- /etc/fail2ban/fail2ban.conf
This is the configuration file for the operational settings of the Fail2Ban daemon. Settings like loglevel, log file, socket and pid file are defined here.
- /etc/fail2ban/jail.conf
This is the file where you can configure things like the default ban time, the number of retries before banning an IP, whitelisted IPs, mail sending information, etc.
Start by creating a local copy of the files with:
cd /etc/fail2ban && cp jail.conf jail.local && cp fail2ban.conf fail2ban.local
Edit the files as you see fit. The recommendation is to leave the .conf files alone, since a package upgrade can overwrite them, and change only the .local files.
A Recommendation
jail.local
bantime = 30m
# Set findtime for an entire day
findtime = 24h
maxretry = 5
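How these three settings interact, as an added example that is not part of the original page or of Fail2Ban itself: a simplified Python model of the counting window, run over a constructed log. The log format, the sample addresses and the function names are assumptions, and findtime is taken as a full day (24h), as the comment on that setting describes.

```python
# Added example: simplified model of Fail2Ban's findtime / maxretry / bantime logic.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FINDTIME = timedelta(hours=24)   # window in which failures are counted
MAXRETRY = 5                     # failures inside the window that trigger a ban
BANTIME = timedelta(minutes=30)  # how long a ban lasts

# Assumed log format for this example (not a Fail2Ban filter definition).
FAILURE = re.compile(r"^(\S+ \S+) sshd\[\d+\]: Failed password for \S+ from (\S+) port")

def line_for(ts, ip):
    return f"{ts} sshd[4242]: Failed password for root from {ip} port 22 ssh2"

# Constructed sample log (documentation-range addresses).
SAMPLE = (
    # five failures spread over 21 hours
    [line_for(f"2024-05-01 {h:02d}:00:00", "203.0.113.7") for h in (0, 3, 9, 15, 21)]
    # four failures, then a fifth 29 hours after the first
    + [line_for(f"2024-05-01 0{h}:00:00", "198.51.100.9") for h in (1, 2, 3, 4)]
    + [line_for("2024-05-02 06:00:00", "198.51.100.9")]
    # five failures within four minutes
    + [line_for(f"2024-05-01 12:0{m}:00", "192.0.2.10") for m in range(5)]
)

def simulate(lines, findtime=FINDTIME, maxretry=MAXRETRY, bantime=BANTIME, ignoreip=()):
    """Return [(ip, ban_start, ban_end), ...] for the failures found in lines."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for text in lines:
        m = FAILURE.match(text)
        if not m:
            continue
        ts, ip = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)
        if ip in ignoreip or banned_until.get(ip, ts) > ts:
            continue  # whitelisted, or still banned
        window = recent[ip]
        window.append(ts)
        while window[0] < ts - findtime:  # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()  # counting starts over after a ban
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE, ignoreip={"192.0.2.10"}):
        print(f"{ip} banned {start} -> {end}")
```

Calling simulate(SAMPLE, findtime=timedelta(minutes=24)) shows what a short window misses: the slow attempts from 203.0.113.7 are never banned, only the rapid burst is.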
fail2ban.local
Enable Fail2Ban
Start the service with:
systemctl start fail2ban
If you don't receive any error, set it to start automatically at boot with:
systemctl enable fail2ban
Log and Management
You can check the log with:
cat /var/log/fail2ban.log
See banned IPs with:
fail2ban-client status <jail-name>
Unban an IP with:
fail2ban-client set <jail-name> unbanip <ip-address>
Whitelist an IP with:
fail2ban-client set <jail-name> addignoreip <ip-address>