Personal Website - Blog 3 - Fail2Ban - What is it?

Last Updated: 4/15/2024, 11:30 PM

Introduction to Fail2Ban

Fail2Ban is an easy-to-understand system that helps secure servers.

Why do you need it?

It helps stop attacks such as brute-force login attempts. In the security world, a simple improvement like this is a great addition to a more secure server, alongside a bunch of other measures.

How do you install it?

It's installed by using a package manager, for example:

Ubuntu:
sudo apt install fail2ban
Fedora:
sudo dnf install fail2ban

There are many ways to install this; however, you must be absolutely certain you are installing the correct package.

Sometimes you could accidentally install the wrong package if there is a minor typo.

Security starts at the ground level.

How does it work?

Fail2Ban contains several features, but it is mostly straightforward. Let's dive into the commands and more with this excellent tutorial.

#Video 1#

[1] Leviathan, Fail2Ban on the Raspberry Pi Part 1 - Install (May 2017) Accessed: Nov. 20, 2023. [Streaming Video]. Available: https://www.youtube.com/watch?v=nSOYd2zSQhg&t=1s

#Commands:#

#Change your password#

passwd

#Update#

sudo apt-get update && sudo apt-get upgrade

#Install fail2ban#

sudo apt-get install fail2ban

#Config file#

sudo nano /etc/fail2ban/jail.local

#Example configuration#


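[ssh]
# Turn this jail on and watch SSH logins in the auth log
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
# Ban length in seconds (900 = 15 minutes)
bantime = 900
banaction = iptables-allports
# Failures are counted within this window, in seconds (9000 = 150 minutes)
findtime = 9000
# Number of failures inside findtime that triggers a ban
maxretry = 2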

#To restart fail2ban#

sudo service fail2ban restart

#To view banned IPs#

sudo iptables -L -n --line-numbers

Note: the enabled setting in the configuration should be enabled = true.

#Unban#

fail2ban-client set sshd unbanip IPADDRESS

#Video 2#

[2] Leviathan, Fail2Ban on the Raspberry Pi Part 2 - Logs and Unbanning IPs (May 2017). Accessed: Nov. 20, 2023. [Streaming Video]. Available: https://www.youtube.com/watch?v=X9HWWUWU-1w

#Commands:#

#Unban#

iptables -D fail2ban-ssh $rowNumber$

#Open facing Internet Banned IPs#

awk '$(NF-1) ~ /Ban/ {print $NF}' /var/log/fail2ban.log | sort | uniq -c | sort -n

#For newer versions of fail2ban#

sudo iptables -D f2b-ssh 1
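
The awk one-liner above counts Ban lines per address but does not show which addresses are still banned. The script below is an added example, not taken from this post or the videos; it assumes action lines end in `[jail] Ban <ip>`, `[jail] Unban <ip>` or `[jail] Restore Ban <ip>`, and its sample log lines are constructed with documentation-range addresses.

```shell
#!/bin/sh
# Added example: summarise fail2ban.log per jail and IP (ban count + current state).
# Assumed line shape: "<date> <time> fail2ban.actions [pid]: <LEVEL> [jail] Ban <ip>"

# write_sample_log FILE: constructed log lines (not real traffic).
write_sample_log() {
    cat > "$1" <<'EOF'
2024-04-15 10:00:01,100 fail2ban.filter  [812]: INFO    [ssh] Found 203.0.113.7 - 2024-04-15 10:00:01
2024-04-15 10:00:03,200 fail2ban.actions [812]: NOTICE  [ssh] Ban 203.0.113.7
2024-04-15 10:15:03,300 fail2ban.actions [812]: NOTICE  [ssh] Unban 203.0.113.7
2024-04-15 11:02:10,400 fail2ban.actions [812]: NOTICE  [ssh] Ban 198.51.100.23
2024-04-15 11:30:44,500 fail2ban.actions [812]: NOTICE  [ssh] Ban 203.0.113.7
2024-04-15 11:31:00,600 fail2ban.actions [812]: NOTICE  [ssh] 203.0.113.7 already banned
2024-04-15 11:45:44,700 fail2ban.actions [812]: NOTICE  [ssh] Unban 203.0.113.7
2024-04-15 11:50:00,800 fail2ban.actions [812]: NOTICE  [ssh] Restore Ban 198.51.100.23
EOF
}

# ban_summary FILE: prints "<jail> <ip> bans=<n> state=<banned|released>", sorted.
ban_summary() {
    awk '
        # NF guard keeps short or empty lines from indexing a negative field.
        NF >= 4 && ($(NF-1) == "Ban" || $(NF-1) == "Unban") {
            restored = ($(NF-2) == "Restore")   # ban re-applied after a restart
            key = (restored ? $(NF-3) : $(NF-2)) " " $NF
            if ($(NF-1) == "Ban" && !restored) bans[key]++
            state[key] = ($(NF-1) == "Ban") ? "banned" : "released"
        }
        END { for (k in state) printf "%s bans=%d state=%s\n", k, bans[k], state[k] }
    ' "$1" | sort
}

# still_banned FILE: only the IPs whose most recent action was a ban.
still_banned() {
    ban_summary "$1" | awk '$NF == "state=banned" { print $2 }'
}

# Demo on the constructed sample; point ban_summary at /var/log/fail2ban.log instead.
log=$(mktemp)
write_sample_log "$log"
ban_summary "$log"
rm -f "$log"
```

Comparing the output of `still_banned` with the rules shown by the iptables listing command is a quick check that the log and the firewall agree.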