1. Intro

This is a quick and dirty fail2ban setup for Ubuntu, intended as a quick reference note.

I won't go into details here, as those are mostly covered in the Fail2ban howto for CentOS: Fail2ban with CentOS 6.

 

 

2. The guide

Install fail2ban.

# apt install fail2ban

 

 

2.1. Configure fail2ban

Copy jail.conf to jail.local and only add the settings we want to change there.

# cd /etc/fail2ban
# cp jail.conf jail.local
# nano jail.local

 

We'll ignore connections from 192.168.0.100, as we don't want to get locked out while poking about on our own servers from our main workstation.

We're adding port 522 in addition to the default ssh port 22, as it could be used for some of the externally exposed servers.

Below are the contents of jail.local.

 

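[DEFAULT]
# Never ban loopback or the main workstation.
ignoreip = 127.0.0.1/8 ::1 192.168.0.100

[sshd]
enabled = true
# Default ssh port plus the alternate port 522.
port    = ssh,522
# A jail-level ignoreip replaces the [DEFAULT] list for this jail.
ignoreip = 192.168.0.100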
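
An added example, not part of the original note or of fail2ban's own code: this Python script reads the jail.local above with configparser and shows which ignoreip entries each jail ends up with. It assumes fail2ban's section-over-[DEFAULT] lookup matches Python's configparser; the function names effective_ignoreip and is_ignored are made up for this illustration.

```python
import configparser
import ipaddress

# Constructed sample: the jail.local contents from this note.
JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1 192.168.0.100

[sshd]
enabled = true
port    = ssh,522
ignoreip = 192.168.0.100
"""


def effective_ignoreip(config_text, jail):
    """Return the ignoreip entries that apply to one jail."""
    # A key set in the jail section wins; [DEFAULT] is only a fallback,
    # so a jail-level ignoreip replaces the default list, it does not extend it.
    # interpolation=None: %(...)s substitution is not modelled here.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    raw = parser.get(jail, "ignoreip", fallback="")
    return raw.replace(",", " ").split()  # space and/or comma separated


def is_ignored(config_text, jail, address):
    """True if address matches an IP or CIDR entry in the jail's ignoreip.

    Hostname entries are skipped and fail2ban's separate ignoreself
    option is not modelled.
    """
    ip = ipaddress.ip_address(address)
    for entry in effective_ignoreip(config_text, jail):
        try:
            network = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # not an IP/CIDR, e.g. a DNS name
        if ip in network:  # False when IPv4/IPv6 versions differ
            return True
    return False


if __name__ == "__main__":
    for addr in ("192.168.0.100", "127.0.0.1", "::1", "192.168.0.101"):
        print(addr, "in sshd ignoreip:", is_ignored(JAIL_LOCAL, "sshd", addr))
```

Run against the configuration above, it reports that 127.0.0.1 and ::1 are not in the sshd jail's ignoreip, because the [sshd] value replaces the [DEFAULT] one.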

 

Restart the fail2ban daemon and we're good to go.

# systemctl restart fail2ban

 

 

2.2. Unlock a banned client

# fail2ban-client set sshd unbanip 192.168.0.100

 

 

2.3. Check the fail2ban status for the sshd jail

# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 6
|  `- File list: /var/log/auth.log
`- Actions
   |- Currently banned: 0
   |- Total banned: 1
   `- Banned IP list:

 

 

3. Sources

https://serverfault.com/questions/841183/how-to-show-all-banned-ip-with-fail2ban

https://serverfault.com/questions/285256/how-to-unban-an-ip-properly-with-fail2ban

https://linuxize.com/post/install-configure-fail2ban-on-ubuntu-20-04/