Linux Server Install: Part 13
Might want to install fail2ban on this server, bruh.
Previous
To install fail2ban on an Ubuntu server, you can follow these steps:
- Start by updating the package index on your server with the following command:
sudo apt-get update- Once the package index is up to date, you can install fail2ban with the following command:
sudo apt-get install fail2ban- After the installation is complete, you can start the fail2ban service with the following command:
sudo service fail2ban start- To make sure that fail2ban starts automatically whenever the server is restarted, you can enable it with the following command:
sudo systemctl enable fail2banDuplicate the fail2ban configuration to a local version, you can use the cp command to copy the global configuration file to a local version. For example, to duplicate the /etc/fail2ban/jail.conf file to /etc/fail2ban/jail.local, you can use the following command:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.localThis will create a local copy of the jail.conf file that you can edit without modifying the global configuration.
Duplicate the fail2ban.conf file in the same way, you can use the following command:
sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.localCheck that the fail2ban.local configuration file has loglevel set to INFO and logtarget to /var/log/fail2ban.log
sudo nano /etc/fail2ban/fail2ban.local
Modify the jail.local configuration file and set the bantime to 15 minutes, the findtime to 15 minutes, maxretry to 5, and backend to systemd.
sudo nano /etc/fail2ban/jail.local
Once you have saved the changes, you will need to restart the fail2ban service for the changes to take effect. You can restart the service.
sudo service fail2ban restartCheck the status of fail2ban.
sudo systemctl status fail2banThis will output the current status of the fail2ban service, including whether it is running and whether it is enabled to start automatically on system boot.
If the service is not running, you can start it with the following command:
sudo systemctl start fail2banAnd if the service is not enabled to start automatically on system boot, you can enable it with the following command:
sudo systemctl enable fail2bansudo fail2ban-client status
This output shows that there are two active jails: ssh-iptables and apache-auth. To display detailed information about each of these jails, you can use the status subcommand with the name of the jail.
ere is an example of the output you might see when you run the sudo fail2ban-client status --name sshd command:
This output shows detailed information about the sshd jail, including the log file that is being monitored, the number of failed login attempts, and the number of banned IP addresses.
That’s about it…although other things you might want to consider are configuring backups, and remote logging & monitoring with something like Prometheus, but those are topics for a another tutorial.
