Fail2ban is an intelligent Utility that scans log files to mitigate malicious attacks on your server. The tool blocks IP addresses that lead to too many password failures.
If you are running Ubuntu 18.04 VPS, then Fail2ban should give your server an edge in fighting hackers automatically. The software can update firewall rules on its own to block IP addresses trying to exploit your server.
Fail2ban has excellent features that limit unauthorized access to your server especially through services such as SSH (Secure Shell), Apache web server, Courier Mail server, FTP and more.
In this guide, we will show you how you can setup and customize fail2ban to protect your Ubuntu 18.04 server.
- A VPS web hosting plan (need help? consult with our VPS hosting reviews)
- A non-root username that can perform sudo tasks
- Shell access to your Linux server. You can use PuTTY if you are running windows or default command line terminal on Linux and Mac.
Step 1: Update the Package Information and Install Fail2ban
First, we need to make sure we have the latest package list from the Ubuntu repository. To get the newest versions of the packages and their dependencies, run the command below:
$ sudo apt-get update
We can now install Fail2ban:
$ sudo apt-get install fail2ban
Press Y and hit Enter when prompted to confirm the installation.
Step 2: Understanding Fail2Ban configuration file
Fail2Ban comes with default filtering rules but you might create your own configuration file to customize different security settings depending on your needs.
The default configuration file (‘/etc/fail2ban/jail.conf’) should never be edited because it can be improved or overwritten in a distribution update or during upgrades.
The default behavior of Fail2ban is to read ‘.conf’ files first followed by ‘.local’ files. That means you should create your own ‘.local’ file if you want to provide your own customizations and override the default settings.
If you want multiple configuration files to handle the security of each service separately, put the ‘.local’ files under ‘/etc/fail2ban/jail.d’ directory.
Step 3: Creating a custom configuration file
Although we can create a default configuration file from scratch, we can just copy the default configuration file and only edit the settings that we want to override.
To do this, run the command below
$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
To edit the new configuration file, open it using a nano editor:
$ sudo nano /etc/fail2ban/jail.local
We may wish to edit the settings under the [DEFAULT] entry:
[DEFAULT] ... $ bantime =10m $ findtime =10m $ maxretry=5 ...
The settings above all applied for every service that does not have the entries overridden in the services own section.
- ‘bantime’ represents the time that a host is banned before it can be allowed to try the service again.
- ‘findtime’ is the maximum amount of time fail2ban should wait before banning a host if it has generated the maximum retries allowed for a particular service.
- ‘maxretry’ indicates the number of failures that a host should generate before it is banned by the server
The default settings above indicate that a host will be blocked for 10 minutes if it generates more than 5 failed attempts within 10 minutes.
You can modify these settings to suit your needs
Towards the bottom of the files, the configuration files contain information for each service running on the server.
You may tweak the settings of each service depending on your needs.
Once you are through editing the file. Press CTRL+X, Y, and Enter to save the file.
In this guide, we have shown you how to install Fail2Ban on Ubuntu 18.04 VPS server. We have also discussed how Fail2Ban treats configuration file and went ahead to create a file to handle our custom settings. You can use all these steps to stop malicious users from hacking your Ubuntu 18.04 server.