1 minute read

How to install Fail2Ban on Ubuntu to avoid the attacks from threat actors and bots

To install fail2ban on Ubuntu, you can follow these steps:

  1. Open a terminal window.

  2. Update the package list using the command:
    sudo apt-get update
  3. Install fail2ban using the command:
    sudo apt-get install fail2ban
  4. Once the installation is complete, you can configure fail2ban by editing the configuration file located at /etc/fail2ban/jail.conf.

For example, you can add a new jail section for SSH protection by copying the following lines to the bottom of the file:

enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
banaction = iptables-multiport

This configuration will monitor the SSH logs for failed login attempts and ban the IP address after three failed attempts.

After making any changes to the configuration file, save and close the file.

Finally, start fail2ban using the command:

sudo systemctl start fail2ban

You can also enable fail2ban to start automatically at boot time using the command:

sudo systemctl enable fail2ban

With this, fail2ban should be up and running on your Ubuntu system, monitoring logs for suspicious activity and taking necessary actions to secure your system.

Check out the Abuse IP Database for a great list of known attackers that could be integrated into your fail2ban configuration.