SimpleShell

Appearance

Install & Configure Fail2Ban

This post explains how to install & configure Fail2Ban on Debian or Ubuntu and which commands are useful.

Installation

  1. Update packages and install Fail2Ban
sh
sudo apt update
sudo apt install fail2ban
  1. Check Fail2Ban service status
sh
sudo systemctl status fail2ban
  1. Enable auto start for Fail2Ban service
sh
sudo systemctl enable fail2ban

Configuration

  1. Create a copy of the Fail2Ban jail.conf
sh
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  1. Open the editor for the jail.local file
sh
sudo nano /etc/fail2ban/jail.local

Search for the section [sshd] and set the settings like this:

yaml
[sshd]
enabled = true
port = ssh
bantime = 1h
findtime = 10m
maxretry = 5

Save with CTRL + X / Y / Enter

Usefull Commands

View the status of all jails from sshd

sh
sudo fail2ban-client status sshd

Manually unblock an IP address

sh
sudo fail2ban-client set sshd unbanip <ip>

Block an IP address manually

sh
sudo fail2ban-client set sshd banip <ip>

Reload configuration

sh
sudo fail2ban-client reload