Saturday, December 28, 2024

Fail2Ban Installation & Setup: Ubuntu, CentOS, Fedora & Debian

Introduction

Fail2ban is software that protects your server from brute-force attacks. It does this by monitoring server logs and detecting suspicious activity.

The program detects when there is an unreasonable number of failed attempts and automatically adds new rules to iptables that block the given IP. This IP (or host) is then blocked for a specified time or indefinitely.

Therefore, installing this log-monitoring software is an excellent way to add another layer to your server security. Still, it can only be one part of your overall server security plan. Explore more measures with these 21 Server Security Tips.

In this tutorial, you will learn how to install and configure Fail2ban on your server.


Prerequisites

  • Access to a command-line / terminal window
  • Access to a user account with sudo or root privileges

Install Fail2ban

How to install Fail2ban depends on the operating system running on your server. Below you will find commands for installing and enabling Fail2ban on Ubuntu, CentOS, Fedora, and Debian.

Important: Fail2ban is not a replacement for software firewalls, such as iptables. It is intended as another security layer and should not be a replacement for a firewall.

Install Fail2ban on Ubuntu

1. Before adding new packages, it's important to update the system repository and upgrade software. To do so, run the command:

apt-get update && apt-get upgrade

Press y to confirm and hit Enter.

2. Now you can install Fail2ban with:

apt-get install fail2ban

3. Optionally, you can install Sendmail for email support:

apt-get install sendmail

4. Next, you need to allow SSH access through the firewall:

ufw allow ssh

5. Finally, enable the firewall:

ufw enable

Install Fail2ban on CentOS

1. To install Fail2ban on CentOS, you need the EPEL repository. Update the system and add the repository by running:

yum update && yum install epel-release

2. With the EPEL repository set up, install Fail2ban with the command:

yum install fail2ban

3. Next, you need to start the Fail2ban service and enable it upon boot:

systemctl start fail2ban
systemctl enable fail2ban

4. For email support, you can install Sendmail with:

yum install sendmail

5. To start and enable the Sendmail service, run:

systemctl start sendmail
systemctl enable sendmail

Install Fail2ban on Fedora

1. Start by updating the system:

dnf update

2. Then, install Fail2ban and Sendmail (optional, if you need email support):

dnf install fail2ban
dnf install sendmail

3. As these services do not start automatically on Fedora, you need to start and enable them with:

systemctl start fail2ban
systemctl enable fail2ban
systemctl start sendmail
systemctl enable sendmail

Install Fail2ban on Debian

1. Update and upgrade the system:

apt-get update && apt-get upgrade -y

Press y and Enter to confirm.

2. Then, install Fail2ban with the command:

apt-get install fail2ban

3. For email support, you can also install Sendmail using the command:

apt-get install sendmail-bin sendmail


Configure Fail2ban

Configure Fail2ban by editing the following configuration files:

  • fail2ban.local file
  • jail.local file

Configure fail2ban.local File

Fail2ban defines its global configuration in the fail2ban.conf file. The file contains the default configuration, and modifying it is generally not advised.

All changes to the configuration should be made in a separate fail2ban.local file.

1. Therefore, the first thing to do is to copy the content of the .conf file into a .local file. The command to do so is:

cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local

2. There will be no output after this command. The next step is to open the fail2ban.local file using a text editor of your choice:

nano /etc/fail2ban/fail2ban.local

3. You should see a file similar to the image below:

(Image: Fail2ban configuration file.)

In this example, the comments in blue explain each option and its possible values. The white lines are the options you can modify and they include:

  • loglevel – Set the log level output to CRITICAL, ERROR, WARNING, NOTICE, INFO, or DEBUG.
  • logtarget – Set the log target, which can be either a FILE, SYSLOG, STDERR, or STDOUT.
  • syslogsocket – Set the syslog socket file to auto or FILE (this is only used if the logtarget is set to SYSLOG).
  • socket – Set the socket file which is used to communicate with the daemon. Make sure not to remove this file. Its default path is: /var/run/fail2ban/fail2ban.sock
  • pidfile – Set the PID file which is used to store the process ID of the fail2ban server. The default location is: /var/run/fail2ban/fail2ban.pid

Configure jail.local File

Another Fail2ban configuration file you may need to modify is the jail.conf file, which includes jails defining Filters with Actions.

Just like with the global configuration, the jail.conf file should not be directly modified. Instead, all customization should be made in the jail.local file.

1. If you do need to make some changes, copy the content of the .conf file into a .local file:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

2. Open the jail.local file with a text editor of your choice:

nano /etc/fail2ban/jail.local

3. You should see the following content:

(Image: Fail2ban jail.local file.)

There you can set the following options:

  • ignoreself – Specify if the local IP address should be ignored by setting the value true (default) or false.
  • ignoreip – Allows you to specify IP addresses, CIDR masks or DNS hosts which should be ignored (never banned). Separate multiple addresses with a space.
  • ignorecommand – Define the path/to/command if one should be ignored.
  • bantime – Specify the number of seconds a host is banned (the default being 600).
  • maxretry – The number of failures allowed before a host is banned (by default set to 5).
  • findtime – The time window in which failures are counted: a host that uses up the maxretry number within it gets banned (generically set to 10 minutes). For example, if a host fails 5 times in 10 minutes, it gets banned for 600 seconds.
  • backend – Specify the backend used to detect file modifications. If you are using CentOS or Fedora, you need to set the backend to systemd. The default value auto is sufficient for other operating systems.
  • [ssh] – By default, Fail2ban has no enabled jails. Therefore, you need to do this manually by adding the jails to the configuration file. For instance, you can enable the SSH daemon jail by uncommenting (removing #) the lines [ssh] and enabled = true.
  • destemail – Specifies the email address where you want to receive notifications.
  • sender – Defines the email address from where you receive notifications.
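
To see how maxretry, findtime, bantime and ignoreip interact, the following added example (not part of the original tutorial and not Fail2ban's own code) models the counting rule described above in Python, the language Fail2ban is written in. The jail.local fragment, the log lines, the simplified failregex and the function names sample_log and simulate are all constructed for illustration.

```python
import configparser
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed jail.local fragment using the options described above.
JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1/8 192.0.2.10
bantime = 600
findtime = 600
maxretry = 5
[ssh]
enabled = true
"""

# Simplified stand-in for a filter's failregex, not the one Fail2ban ships.
FAILREGEX = re.compile(r"^(?P<ts>\S+ \S+) .*Failed password for .* from (?P<host>\S+)")

def sample_log(start=datetime(2024, 12, 28, 10, 0, 0)):
    """Constructed log lines from (source IP, seconds between failures, count)."""
    hosts = [("203.0.113.7", 20, 5), ("198.51.100.4", 250, 5), ("192.0.2.10", 5, 6)]
    stamps = sorted((start + timedelta(seconds=i * gap), ip)
                    for ip, gap, n in hosts for i in range(n))
    return [f"{t} srv sshd[411]: Failed password for root from {ip} port 50022 ssh2"
            for t, ip in stamps]

def simulate(config_text, lines):
    """Return (ip, banned_at, unbanned_at) for every ban the settings produce."""
    cfg = configparser.ConfigParser()
    cfg.read_string(config_text)
    opt = cfg["ssh"]  # options not set in the jail fall back to [DEFAULT]
    maxretry = opt.getint("maxretry")
    findtime, bantime = (timedelta(seconds=opt.getint(k)) for k in ("findtime", "bantime"))
    ignored = [ipaddress.ip_network(n, strict=False) for n in opt["ignoreip"].split()]
    recent, banned_until, bans = defaultdict(list), {}, []
    for m in filter(None, map(FAILREGEX.search, lines)):
        now = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = ipaddress.ip_address(m["host"])
        if any(ip in net for net in ignored) or banned_until.get(ip, now) > now:
            continue  # listed in ignoreip, or ban still active
        # keep only failures inside the findtime window, plus this one
        recent[ip] = [t for t in recent[ip] if t > now - findtime] + [now]
        if len(recent[ip]) >= maxretry:
            banned_until[ip] = now + bantime
            bans.append((str(ip), str(now), str(now + bantime)))
            del recent[ip]  # the failure counter starts over after a ban
    return bans
```

With the settings shown, only 203.0.113.7 is banned: 198.51.100.4 never accumulates five failures inside one findtime window, and 192.0.2.10 is listed in ignoreip.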

Additional jail.local Configurations

You can also set additional configurations in the jail.local file, such as for SSH and iptables. These options include:

  • banaction – Specifies the default action that is used when the maxretry is reached.
  • banaction_allports – Allows you to label an IP that should be blocked on every port.
  • port – The value should correspond to the set service. This could be ssh or a port number (if you are using an alternative port).
  • filter – The file name containing the failregex information, located in /etc/fail2ban/filter.d.

Restart the Service

If you have made any changes to the fail2ban.local and jail.local files, make sure to restart the fail2ban service.

To restart the fail2ban service with the new configuration, run the command:

service fail2ban restart

Conclusion

By following this guide, you should have been able to install and set the basic configuration for Fail2ban.

Fail2ban is an excellent tool for adding another security layer. It is especially effective against SSH brute force attacks.


Dominic Rubhabha-Wardslaus