
This article covers how to install Fail2ban and protect SSH from illegitimate attempts. For webmasters or anyone managing a Linux server that is accessible over the Internet, the risk of the server being compromised is high, so implementing security best practices to help mitigate these attacks should be a priority. Fail2ban is a tool that helps protect Linux servers from brute-force and other automated attacks by monitoring service logs for malicious activity. It uses regular expressions to scan the server's logs for malicious attempts and bans offending IPs for a specific length of time using the system's firewall.


How to Install Fail2ban on any Linux system?

Fail2ban packages are included in the Ubuntu repositories. To install it, run the commands below:

$ sudo apt update
$ sudo apt install fail2ban

Once the installation is complete, the service should start automatically and be ready to be configured.

To check if the service is up and operational, run the command below:

$ sudo systemctl status fail2ban



This article covers how to define a new UFW rule for limiting SSH access on your Linux Mint 20 system. In fact, UFW, short for "uncomplicated firewall", is a frontend for the more complex iptables utility. It's designed to make managing a firewall as simple as setting ports to be open and closed, and regulating what traffic is allowed to go through.


How to install UFW on Ubuntu / Debian?

UFW is installed by default in Ubuntu, but if it's not, you can install it with apt:

$ sudo apt-get install ufw

If you're running another distro, you'll have to use that distro's package manager, but UFW is widely available. You can check the status of the firewall with:

$ sudo ufw status



This article covers the installation of Fail2ban and the configuration of an sshd filter. There are so many options to configure but we focused on the basic ones. Feel free to peruse the Fail2ban man pages by running man fail2ban to discover what more you can do with it.

Fail2ban is a free, open-source and widely used intrusion prevention tool that scans log files for IP addresses that show malicious signs, such as too many password failures among others, and bans them (it updates firewall rules to reject the IP addresses).

By default, it ships with filters for various services including sshd.


To install and configure Fail2ban on CentOS/RHEL 8:

1. After logging into your system, access a command-line interface, then enable the EPEL repository on your system:

# dnf install epel-release

OR

# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

2. Afterward, install the Fail2ban package by running the following command:

# dnf install fail2ban

3. Start and enable the fail2ban service, then check that it is up and running, using the following systemctl commands:

# systemctl start fail2ban
# systemctl enable fail2ban
# systemctl status fail2ban



