If you’re like most people, you probably use a computer for work, entertainment, and communication. You might also use your computer to run a small business or to provide support for your family. Regardless of what you do with your computer, one thing is certain: You need to protect it from unauthorized access. One way to do this is to install fail2ban on your Ubuntu 18.04 (Bionic Beaver) system. fail2ban is a software application that helps you protect your computer by blocking unauthorized access attempts. In this article, we’ll show you how to install fail2ban on Ubuntu 18.04 (Bionic Beaver) using the official repositories.

Before You Begin

Before you can install fail2ban on Ubuntu 18.04 (Bionic Beaver), you’ll need the following:

An Ubuntu 18.04 (Bionic Beaver) system with at least 1GB of RAM and 50GB of free disk space
A sudo account
A firewall enabled on your system
The IP addresses of the computers that you want to allow access to through the firewall
The SSH keys of the computers that you want to allow access to through the firewall

To create a sudo account, type the following command into Terminal:

[alert-announce]$ sudo adduser username && sudo usermod -aG sudo username[/alert-announce]

This will add a new user named username with full privileges on your system.

To create an SSH key for a computer, type the following command into Terminal:

[alert-announce]$ ssh-keygen -t rsa[/alert-announce]

This will generate an SSH key for the computer named example. Copy this key onto each of the computers that you want to allow access to through your firewall using Terminal:

[alert-announce]$ ssh-copy-id example@192.168.1.2[/alert-announce]

Finally, enable firewalling on each of these systems by typing the following commands into Terminal:

[alert-announce]$ sudo ufw enable && sudo ufw status && sudo ufw allow from 192.168.1.2/32[/alert-announce]


These steps can be executed on any remote server/VPS running a recent version of Ubuntu, although I carried out the process myself on 18.04. If you’re not familiar with Fail2ban, the start of this brief guide refers to two good resources you can read up on, one more up to date than the other.

The purpose of this post is to serve as background for a follow up post which uses Ansible to install the Fail2ban package and configuration more efficiently (linked at the end).

Installing Fail2ban

Several of the instructions for this process are taken and adapted from an older article on DigitalOcean. They’re intended for Ubuntu 14.04 but are still overall suitable on Bionic:

However, it might be better to read through the more up-to-date Linode article instead, to understand what Fail2ban is, how it works, and most importantly what values to place into the configuration files. Without that background, this guide may not make complete sense.

It may even be preferable to follow the Linode guide in its entirety, but that’s up to you! See here: Linode – “Use Fail2ban to Secure Your Server”

On the remote Ubuntu server in question, update the system package index.

[alert-announce]$ sudo apt-get update -y[/alert-announce]

Install the fail2ban and sendmail packages.

[alert-announce]

$ sudo apt-get install fail2ban sendmail

[/alert-announce]

Sendmail (if not present by default) is required for Fail2ban to generate notification emails.

Copy the base Fail2ban config into a new jail.local file, in order to begin adding in the config options we want to be overridden and applied:

[alert-announce]

$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

[/alert-announce]

Here’s where an understanding of the configuration is very much necessary.

Having a working firewall such as UFW on Ubuntu is also a background assumption I’m working with here, as the two can work together, and a firewall’s kinda mandatory anyway of course.

Open the newly copied jail.local file.

[alert-announce]

$ sudo vim /etc/fail2ban/jail.local

[/alert-announce]

Add in your sensible Fail2ban configuration blocks and values now; this is my example file contents, should you want to make use of them:

[alert-announce]

/etc/fail2ban/jail.local

[DEFAULT]
# email address to receive notifications.
destemail = [email protected]
# the email address from which to send emails.
sender = [email protected]
# name on the notification emails.
sendername = Fail2Ban
# email transfer agent to use.
mta = sendmail
# ban and unban through UFW; see action.d/ufw.conf
banaction = ufw

[sshd]
enabled = true
port = ssh
filter = sshd
# the window, in seconds, in which maxretry failed attempts are counted.
findtime = 600
# attempts from a single ip before a ban is imposed.
maxretry = 5
# the number of seconds that a host is banned for.
bantime = 3600

[/alert-announce]
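To see how the findtime, maxretry and bantime values in the sshd jail above interact, here is an added example (not code from this post or from the Fail2ban project) that models the counting over constructed auth.log lines. The regex is a simplified stand-in for filter.d/sshd.conf, and the host name, users and documentation-range IP addresses are made up for the sample.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [sshd] jail on this page.
FINDTIME = timedelta(seconds=600)
MAXRETRY = 5
BANTIME = timedelta(seconds=3600)

# Assumption: a single simplified pattern standing in for filter.d/sshd.conf.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) "
)

def sample_line(clock, ip, user):
    """Build one constructed auth.log failure line (not real log data)."""
    return f"Jun 12 {clock} web1 sshd[1201]: Failed password for {user} from {ip} port 40022 ssh2"

SAMPLE_LOG = (
    [sample_line(f"10:0{i}:00", "203.0.113.7", "root") for i in range(5)]  # 5 failures in 4 min
    + [sample_line(f"1{i}:30:00", "198.51.100.23", "alice") for i in range(1, 6)]  # 1 h apart
    + ["Jun 12 16:00:00 web1 sshd[1300]: Accepted publickey for alice from 198.51.100.23 port 40022 ssh2"]
)

def simulate(lines, year=2018):
    """Return [(ip, ban_start, ban_end)] using a sliding findtime window per IP."""
    recent = defaultdict(deque)   # ip -> failure times still inside findtime
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in lines:
        m = FAILURE.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if banned_until.get(ip, ts) > ts:
            continue              # already banned: the firewall drops these
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()      # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG))
```

With these settings the address that fails five times in four minutes is banned for one hour, while the user who mistypes a password once an hour never accumulates five failures inside a single 600-second window.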

Lastly, enable the Fail2ban service on system startup.

[alert-announce]

$ sudo systemctl enable fail2ban

[/alert-announce]

Then start the service so it’s currently active.

[alert-announce]

$ sudo systemctl start fail2ban

[/alert-announce]

Fail2ban is now up and running – assuming you entered proper configuration options and have no syntax errors.

As an alternative to using systemd, restarting the entire Fail2ban server with its own client reports any runtime errors, should there be any issue:

[alert-announce]

$ sudo fail2ban-client restart

[/alert-announce]

Fix any reported problems in the output, and then restart again.

There’s also a command to confirm the status of the server/jails.

Try it out:

[alert-announce]

$ sudo fail2ban-client status

[/alert-announce]

More specific information about the sshd jail we created in the config file is retrievable with:

[alert-announce]

$ sudo fail2ban-client status sshd

[/alert-announce]

Many more useful commands for you to explore are available, indexed at the following wiki: Fail2ban Client CLI Commands

Fail2ban is now installed, running, and working!

Add more jails and actions for other services to expand upon it.

The post leading on from this one achieves the same end result but using Ansible configuration management to do the job.