Setting up fail2ban on Ubuntu Server 16.04 Xenial

Warning: This post is a draft and is to be considered unfinished. The content might be of poor quality, might not have been tested thoroughly, or can even be misleading!
Tags: ubuntu fail2ban linux draft

Install

# apt-get update
# apt-get install fail2ban

Configure

This is a working example configuration. All code blocks below each file-name header belong to the same file.

/etc/fail2ban/jail.d/jail.local

Never ban the specified IP in any jail

[DEFAULT]
ignoreip = <ip>

If sshd is listening on a non-default port, specify it with the port option.

[sshd]
enabled = true
port = 2222
bantime = 7200 ; two hours

Ban clients that match the filter in the specified logpath

[ufw-block]
enabled = true
logpath = /var/log/ufw.log
filter = ufw-block
findtime = 180 ; three minutes
maxretry = 5
bantime = 3600 ; one hour

The recidive jail will ban clients that have been banned before. See /etc/fail2ban/jail.conf

[recidive]
enabled = true
bantime = 86400 ; one day

/etc/fail2ban/filter.d/ufw-block.local

Match BLOCK events from ufw.

[Definition]
failregex = UFW BLOCK.* SRC=<HOST>
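
An added example, not part of the original post or of fail2ban itself: the Python below shows how the filter's failregex and the [ufw-block] jail's findtime and maxretry combine, run over constructed log lines. The IPv4-only pattern standing in for <HOST>, the sample lines, the assumed year and the would_ban helper are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real tag also matches IPv6 addresses and hostnames).
FAILREGEX = re.compile(r"UFW BLOCK.* SRC=(?P<host>\d{1,3}(?:\.\d{1,3}){3})")
FINDTIME = 180  # seconds, as in [ufw-block]
MAXRETRY = 5    # as in [ufw-block]

def _line(ts, verdict, src):
    """Build one constructed line in the syslog format used by ufw.log."""
    return (f"Feb 13 {ts} host kernel: [1234.5] [UFW {verdict}] IN=eth0 OUT= "
            f"SRC={src} DST=198.51.100.10 PROTO=TCP SPT=40000 DPT=23")

# Constructed sample input (documentation address ranges).
SAMPLE_LOG = (
    # five BLOCK events within 40 seconds
    [_line(f"10:00:{s:02d}", "BLOCK", "203.0.113.5") for s in range(0, 50, 10)]
    # five BLOCK events, but five minutes apart
    + [_line(f"10:{m:02d}:00", "BLOCK", "203.0.113.9") for m in range(0, 25, 5)]
    # six ALLOW events, which the failregex must not match
    + [_line("10:01:00", "ALLOW", "203.0.113.7")] * 6
)

def would_ban(lines, findtime=FINDTIME, maxretry=MAXRETRY, year=2016):
    """Return source IPs that reach maxretry matches within findtime seconds."""
    recent = defaultdict(deque)  # per-IP timestamps still inside the window
    banned = set()
    for line in lines:
        m = FAILREGEX.search(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        hits = recent[m.group("host")]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() > findtime:
            hits.popleft()  # drop matches older than findtime
        if len(hits) >= maxretry:
            banned.add(m.group("host"))
    return banned

if __name__ == "__main__":
    print(sorted(would_ban(SAMPLE_LOG)))
```

On a host with fail2ban installed, the real filter can be checked against the real log with fail2ban-regex /var/log/ufw.log /etc/fail2ban/filter.d/ufw-block.local.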

Helpful commands

Get information about a jail, including banned IPs and/or hostnames

# fail2ban-client status <JAIL>

Unban an IP address

# fail2ban-client set <JAIL> unbanip <IP>

If you have any comments or feedback, please send me an e-mail. (stig at stigok dotcom).

Creative Commons License This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.