Securing Your Ubuntu Server with Fail2ban: Step-by-Step Guide

Ensuring the security of your Ubuntu server is vital to protect it from unauthorized access and malicious attacks. Fail2ban is an excellent tool that enhances server security by dynamically blocking suspicious IP addresses. In this step-by-step guide, we will explore how to secure your Ubuntu server using Fail2ban.

Step 1: Update System Packages Before installing any new software, it's essential to ensure that your system packages are up to date. Run the following commands:

sudo apt update
sudo apt upgrade        

Step 2: Install Fail2ban using the package manager:

sudo apt install fail2ban        

Step 3: Once Fail2ban is installed, you need to configure it to protect your server. The main configuration file is located at /etc/fail2ban/jail.conf However, it's recommended to create a local copy for customization:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local        

Step 4: Open the Fail2ban configuration file with a text editor:

sudo nano /etc/fail2ban/jail.local        

Search for these words in previously made file and adjust them how you want (with ctrl+w):

• Review the enabled option to ensure it is set to true for the services you want to secure.
• Adjust the bantime option to set the duration (in seconds) for which an IP address should be banned.
• Set the findtime option to specify the time window (in seconds) during which failed login attempts will be counted.
• Define the maxretry option to determine the maximum number of login failures before an IP address gets banned.
• Define which IP address should be ignored in case of incorrect entries

Step 5: Once you've configured Fail2ban, enable and start the service using the following commands:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban        

Wait for several hours and type this command, you will see how important was to secure your ubuntu server:

sudo tail -f /var/log/fail2ban.log