In summary, Fail2ban works as follows: it actively looks for signs of possible misuse of password authentication, filters out the offending IP addresses, and regularly updates the system firewall to block those addresses for a certain period of time.
This quick guide will show you how to set up Fail2ban on your Ubuntu 20.04 system.
Update the official package list
We will get fail2ban from the official Ubuntu repositories. Start the Terminal and enter the following command to update the package list for the latest available version of Fail2ban:
Then enter the following command to install the updated Fail2ban package:
The fail2ban service is automatically activated and started during installation.
Still, you should check that it was installed correctly. Run the following command to verify the installation:
If the Active line in the output contains active (running), you are all good. Let's go ahead and see how to configure Fail2ban.
Configure Fail2ban on Ubuntu 20.04
To configure Fail2ban on Ubuntu, we work with two specific configuration files. One is jail.conf in /etc/fail2ban/, and the other is defaults-debian.conf in /etc/fail2ban/jail.d/. To maintain their integrity we will not edit them directly, as this could potentially damage the program and we would most certainly not be able to update the software. Instead, we make copies of each and edit those.
Run the following command to copy jail.conf to jail.local:
We will only change that particular file in this tutorial. Open the copy in a text editor to begin editing. Run the following command:
Let’s see what changes we can make.
Configure IP blocking parameters
The blocking time for all IP addresses is set by a parameter known as bantime. By default, bantime is only 10 minutes. You can change the value to whatever time limit you want to impose on banned addresses. For example, to set the bantime for all blocked IP addresses, you can set it as follows:
You can also apply permanent bans by assigning a negative value.
Another very important variable is findtime. It defines the length of time allowed between successive login attempts. If multiple login attempts are made within the findtime, a ban is placed on the IP.
Finally, there is maxretry. It defines the number of failed login attempts allowed within the findtime. If the number of failed authentication attempts within the findtime exceeds the maxretry value, the IP is blocked from logging in again. The default is 5.
Fail2ban also allows you to grant immunity to IP addresses and IP ranges of your choice. The conditions described above are not applied to these IPs, so you can essentially create a whitelist of sorts.
To add an IP address to this whitelist, edit the ignoreip line and enter the IP address to be excluded:
As an administrator, you should above all add your IP address to this whitelist.
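To sanity-check the values discussed above before restarting the service, the following added example (not part of the original tutorial, and not Fail2ban's own code) parses a constructed [DEFAULT] section and reviews bantime, findtime, maxretry and ignoreip. The function names, sample values and documentation-range IP addresses are assumptions; only plain seconds and single-unit suffixes such as 10m or 1d are handled, and hostnames in ignoreip are not.

```python
import configparser
import ipaddress
import re

# Constructed sample of a jail.local [DEFAULT] section (values are illustrative).
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
bantime  = 1d
findtime = 10m
maxretry = 5
ignoreip = 127.0.0.1/8 ::1 203.0.113.10 198.51.100.0/24
"""

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert '600', '10m', '1d' or '-1' to seconds (negative = permanent ban)."""
    m = re.fullmatch(r"(-?\d+)([smhdw]?)", value.strip())
    if not m:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def load_defaults(text):
    """Parse the [DEFAULT] section into normalized ban settings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    d = cp.defaults()
    # ignoreip entries may be separated by spaces and/or commas.
    nets = [ipaddress.ip_network(e, strict=False)
            for e in re.split(r"[\s,]+", d.get("ignoreip", "").strip()) if e]
    return {"bantime": to_seconds(d["bantime"]),
            "findtime": to_seconds(d["findtime"]),
            "maxretry": int(d["maxretry"]),
            "ignoreip": nets}

def is_ignored(settings, ip):
    """True if ip matches a whitelisted address or range."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in settings["ignoreip"])

def review(settings, admin_ip):
    """Return warnings worth resolving before the configuration goes live."""
    notes = []
    if not is_ignored(settings, admin_ip):
        notes.append(f"admin IP {admin_ip} is not in ignoreip")
    if settings["bantime"] < 0:
        notes.append("bantime is negative: bans are permanent")
    return notes

if __name__ == "__main__":
    s = load_defaults(SAMPLE_JAIL_LOCAL)
    print(s["bantime"], s["findtime"], s["maxretry"], review(s, "192.0.2.7"))
```
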
This tutorial showed you how to set up Fail2ban on Ubuntu. We installed it straight from the standard Ubuntu repositories and looked at the ways in which it can be configured. You should now know how to set ban conditions and exclude IPs from being banned.