Fail2ban with Ubuntu

  1. Intro
  2. The guide
    1. Configure fail2ban
    2. Unlock a banned client
    3. Check the fail2ban status for the sshd jail
    4. List banned  IP-addresses
    5. Unbanning IP address from all jails
  3. Sources

 

 

Intro

This is a quick and dirty fail2ban setup for Ubuntu and intended to be used as a quick-note.

I won't go into details here, as those are mostly covered in the Fail2ban howto for CentOS, which can be found here; Fail2ban with CentOS 6.

 

 

The guide

Install fail2ban.

# apt install fail2ban

 

 

Configure fail2ban

Copy jail.conf to jail.local and only add the settings we want to change there.

# cd /etc/fail2ban
# cp jail.conf jail.local
# nano jail.local

 

We'll ignore the connection from 192.168.0.100 as we don't want to get locked out while poking about on our own servers from my main workstation.

We're adding port 522 in addition to the default ssh port 22, as it could be used for some of the externally exposed servers.

The below are the contents of jail.local.

 

[DEFAULT] 
ignoreip = 127.0.0.1/8 ::1 192.168.0.0/24
 
[sshd] 
enabled = true 
port    = ssh,522 
#ignoreip = 192.168.0.100

 

Restart the fail2ban daemon and we're good to go.

# systemctl restart fail2ban.service

 

 

Unlock a banned client

# fail2ban-client set sshd unbanip 192.168.0.100

 

 

Check the fail2ban status for the sshd jail

# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     6
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned:     1
   `- Banned IP list:

 

 

List banned  IP-addresses

If the IP address you just unbanned is not listed in the output below, it means the IP isn't banned anymore.

# fail2ban-client set sshd unbanip 192.168.0.100

# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 7
| `- File list: /var/log/auth.log
`- Actions
   |- Currently banned: 1
   |- Total banned: 1
   `- Banned IP list: xxx.yyy.zzz.nnn

 

 

Unbanning IP address from all jails

Note that you don't specify a praticular jail with this command, ie "set sshd".

# fail2ban-client unban xxx.yyy.zzz.nnn

 

 

Sources

https://serverfault.com/questions/841183/how-to-show-all-banned-ip-with-fail2ban

https://serverfault.com/questions/285256/how-to-unban-an-ip-properly-with-fail2ban

https://linuxize.com/post/install-configure-fail2ban-on-ubuntu-20-04/

https://www.digitalocean.com/community/tutorials/how-to-protect-an-apache-server-with-fail2ban-on-ubuntu-14-04

https://linuxhint.com/unban-ip-fail2ban/

https://serverfault.com/questions/285256/how-to-unban-an-ip-properly-with-fail2ban

 

 

 

 

 

 

 

 

 

 

 

 

 

Hits: 1102

Related articles

Popular tags

linux 120 CentOS 48 Windows 34 Ubuntu 31 Kubuntu 17 notes 15 ssh 14 virtualbox 12 vbox 11 CLI 10 server 9 vbix 9 Debian 8 delete 8 backuppc 7

Stop Spam Harvesters, Join Project Honey Pot

  

Get a free SSL certificate!

  

The leading nonprofit defending digital privacy, free speech, and innovation.

  

The Linux Foundation provides a neutral, trusted hub for developers and organizations to code, manage, and scale open technology projects and ecosystems.

  

Kubuntu is an operating system built by a worldwide community of developers, testers, supporters and translators.

  

 43ef5c89 CanonicalUbuntudarktext