Install Fail2ban on Ubuntu 16
Date Posted: 14-06-2017
Fail2ban is a service that bans IP addresses that make unsuccessful login attempts. In our previous post, we explained how to install fail2ban on a CentOS 7 server. In this post, we will explain how to install fail2ban on an Ubuntu host. If the operating system is CentOS, please follow the post below to install fail2ban.
Implementation:
Install fail2ban using the apt-get utility.
apt-get install fail2ban
Press y to continue.
Enable the service so that it starts automatically on reboot.
systemctl enable fail2ban
Start the fail2ban service.
systemctl start fail2ban
Additional Information:
The following additional steps show how to ban IP addresses that make unsuccessful IMAP/POP attempts on a mail server. Assume that the log location is /var/log/mail.log.
Copy jail.conf to jail.local
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Open the file /etc/fail2ban/jail.local and append the following content.
[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
port = pop3,pop3s,imap,imaps
logpath = /var/log/mail.log
maxretry = 20
findtime = 1200
bantime = 3600
where,
logpath is the mail log that fail2ban needs to check.
bantime is the time for which the IP address is blocked in the firewall.
Create a file /etc/fail2ban/filter.d/dovecot-pop3imap.conf and add the following content.
[Definition]
failregex = (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts).*rip=(?P<host>\S*),.*
ignoreregex =
Restart the fail2ban service.
systemctl restart fail2ban
To check the fail2ban client status, use the command below.
fail2ban-client status
The output of the command will look as follows:
Status
|- Number of jail: 2
`- Jail list: dovecot-pop3imap, sshd
The log location for fail2ban service is /var/log/fail2ban.log.
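As an added example (not part of the original post), the Python sketch below runs the failregex from the dovecot-pop3imap filter on this page over constructed dovecot-style log lines and applies a simplified model of the jail's maxretry = 20 and findtime = 1200 thresholds, to show which source addresses those settings would ban. The function names, the assumed year, the addresses and the sample lines are all made up for illustration; fail2ban's own fail2ban-regex tool is the way to test a filter against a real log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# failregex copied from the dovecot-pop3imap filter on this page.
FAILREGEX = re.compile(
    r"(?: pop3-login|imap-login): .*(?:Authentication failure"
    r"|Aborted login \(auth failed|Aborted login \(tried to use disabled"
    r"|Disconnected \(auth failed|Aborted login \(\d+ authentication attempts)"
    r".*rip=(?P<host>\S*),.*"
)

def would_ban(lines, maxretry=20, findtime=1200, year=2017):
    """Simplified jail model: hosts with maxretry matches inside findtime seconds."""
    recent = defaultdict(deque)
    banned = set()
    for line in lines:
        m = FAILREGEX.search(line)
        if not m:
            continue  # e.g. successful logins
        # Syslog timestamps carry no year, so one is assumed here.
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        window = recent[m.group("host")]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # drop failures older than findtime
        if len(window) >= maxretry:
            banned.add(m.group("host"))
    return banned

def sample_log(host, count, spacing, proto="imap-login"):
    """Constructed dovecot-style failure lines, one every `spacing` seconds."""
    start = datetime(2017, 6, 14, 10, 0, 0)
    return [
        f"{start + timedelta(seconds=i * spacing):%b %d %H:%M:%S} mail dovecot: {proto}: "
        "Disconnected (auth failed, 1 attempts in 2 secs): user=<test>, "
        f"method=PLAIN, rip={host}, lip=192.0.2.10, TLS"
        for i in range(count)
    ]

if __name__ == "__main__":
    log = (
        sample_log("203.0.113.7", 20, 30)                   # 20 failures in 570 s
        + sample_log("198.51.100.9", 20, 90, "pop3-login")  # 20 failures in 1710 s
        + ["Jun 14 10:05:00 mail dovecot: imap-login: Login: user=<test>, "
           "method=PLAIN, rip=192.0.2.55, lip=192.0.2.10, TLS"]
    )
    print(sorted(would_ban(log)))
```

The slower source stays under the threshold because no 1200-second window ever holds 20 of its failures, which is the trade-off to keep in mind when choosing maxretry and findtime.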