This guide assumes that you are running a modern version of Ubuntu x64.
Run the following commands to install Fail2ban.
sudo apt-get update
sudo apt-get install fail2ban
The the default configuration file is located as follows.
/etc/fail2ban/jail.conf
To avoid possible conflict, you should make a copy of it. For this example, we will call it jail.local
.
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now that we have a backup, let’s begin editing. Open the jail.local
file in your favorite text editor.
sudo vi /etc/fail2ban/jail.local
You may use my config example below. It is configured for SSH. There are some settings that you may want to tweak, such as:
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 1800
maxretry = 4
[ssh-route]
maxretry = 3
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, dest=root, sender=fail2ban@your-domain.com]
Once you have made any configuration changes, restart Fail2ban and you’re good to go.
sudo service fail2ban restart
]]>