Intro

This is a quick and dirty fail2ban setup for Ubuntu and intended to be used as a quick-note.

I won't go into details here, as those are mostly covered in the Fail2ban howto for CentOS, which can be found here; Fail2ban with CentOS 6.

 

 

The guide

Install fail2ban.

# apt install fail2ban

 

 

Configure fail2ban

Copy jail.conf to jail.local and only add the settings we want to change there.

# cd /etc/fail2ban
# cp jail.conf jail.local
# nano jail.local

 

We'll ignore the connection from 192.168.0.100 as we don't want to get locked out while poking about on our own servers from my main workstation.

We're adding port 522 in addition to the default ssh port 22, as it could be used for some of the externally exposed servers.

The below are the contents of jail.local.

 

[DEFAULT] 
ignoreip = 127.0.0.1/8 ::1 192.168.0.0/24

[sshd]
enabled = true
port    = ssh,522
#ignoreip = 192.168.0.100

 

Restart the fail2ban daemon and we're good to go.

# systemctl restart fail2ban.service

 

 

Unlock a banned client

# fail2ban-client set sshd unbanip 192.168.0.100

 

 

Check the fail2ban status for the sshd jail

# fail2ban-client status sshd
Status for the jail: sshd |- Filter | |- Currently failed: 0 | |- Total failed: 6 | `- File list: /var/log/auth.log `- Actions |- Currently banned: 0 |- Total banned: 1 `- Banned IP list:

 

 

List banned  IP-addresses

If the IP address you just unbanned is not listed in the output below, it means the IP isn't banned anymore.

# fail2ban-client set sshd unbanip 192.168.0.100

# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 7
| `- File list: /var/log/auth.log
`- Actions
   |- Currently banned: 1
   |- Total banned: 1
   `- Banned IP list: xxx.yyy.zzz.nnn

 

 

Unbanning IP address from all jails

Note that you don't specify a praticular jail with this command, ie "set sshd".

# fail2ban-client unban xxx.yyy.zzz.nnn

 

 

Sources

https://serverfault.com/questions/841183/how-to-show-all-banned-ip-with-fail2ban

https://serverfault.com/questions/285256/how-to-unban-an-ip-properly-with-fail2ban

https://linuxize.com/post/install-configure-fail2ban-on-ubuntu-20-04/

https://www.digitalocean.com/community/tutorials/how-to-protect-an-apache-server-with-fail2ban-on-ubuntu-14-04

https://linuxhint.com/unban-ip-fail2ban/

https://serverfault.com/questions/285256/how-to-unban-an-ip-properly-with-fail2ban

 

 

 

 

 

 

 

 

 

 

 

 

 

Stop Spam Harvesters, Join Project Honey Pot

 

Get a free SSL certificate!

 

The leading nonprofit defending digital privacy, free speech, and innovation.

 

The Linux Foundation provides a neutral, trusted hub for developers and organizations to code, manage, and scale open technology projects and ecosystems.

 

Kubuntu is an operating system built by a worldwide community of developers, testers, supporters and translators.

 

 43ef5c89 CanonicalUbuntudarktext