How To Configure fail2ban?

What is fail2ban all about?

Fail2ban scans the server’s log files for IP addresses that stand out through unusual behaviour, such as repeatedly trying to log in with an incorrect password.
Once a certain number of unsuccessful attempts has occurred, fail2ban automatically bans or blocks the IP address for a predetermined time.
The administrator can also configure fail2ban so that a suspicious IP address is first reported to the administrator by email. You have many options here.

Caveat after installation of a brand new web server:

Let’s assume your brand new server got the IP 11.22.33.44. Now, as a happy new owner of this server, you might be surprised that all of a sudden, you can’t log in any longer. What is happening here?

Well, don’t forget that your new IP most likely belonged to someone else a few minutes, hours, or days ago. Especially in environments where new servers are created and test instances deleted all the time, this is just a regular thing.
Hence, the former owner of this IP address may still (by mistake) be trying to connect to “your” server. And as such, your fail2ban will now block your user.
No big deal: if this happens, you only have to wait for one hour, or you can restart or access the server via the web frontend of your provider.

Please note that this usually only happens if you are still using your root user to access your instance. Once you have created your own user, you will usually be safe, because it is unlikely that the old IP owner used the same username you chose.

Configuring fail2ban

Fail2ban comes with a configuration file

/etc/fail2ban/jail.conf

But you should never edit this file directly, as every update will overwrite your changes. Instead, copy it to jail.local and edit the copy:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

If you are making changes to jail.local, you have to restart the service afterwards:

sudo systemctl restart fail2ban.service
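
The settings in jail.local that control the behaviour described above (ban threshold, ban duration, e-mail report), plus an exemption for your own address so you do not lock yourself out. This is an added example, not taken from the original article; the IP address, e-mail addresses and numeric values are constructed placeholders.

```ini
# /etc/fail2ban/jail.local
# Added example; every value below is a constructed placeholder.
# If jail.local is a full copy of jail.conf, change the existing
# entries in these sections instead of adding duplicates.

[DEFAULT]
# Addresses that are never banned: localhost plus the address you
# administer the server from (203.0.113.10 is a placeholder).
ignoreip = 127.0.0.1/8 ::1 203.0.113.10

# Ban after 5 failed attempts (maxretry) seen within 10 minutes
# (findtime, in seconds); the ban lasts one hour (bantime, in seconds).
maxretry = 5
findtime = 600
bantime  = 3600

# Report bans by e-mail: action_mw bans the address and sends a mail
# with whois information to destemail (requires a working local MTA).
destemail = admin@example.com
sender    = fail2ban@example.com
action    = %(action_mw)s

[sshd]
# Enable the jail that watches SSH logins.
enabled = true
```

After restarting the service, `sudo fail2ban-client status sshd` lists the currently banned addresses, and `sudo fail2ban-client set sshd unbanip <IP>` lifts a ban.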

Fail2ban is a great little tool, but beginners often forget that they have activated it. Especially when you are experimenting with different ways of accessing your server, this can turn into a nightmare if you forget that fail2ban might have blocked you.

Please keep this in mind!
