Fail2Ban

August 06, 2019

I love Fail2Ban; it’s a great way to secure your VPSs in the cloud. I deploy it on all of my servers and then enable certain “jails” based on the configuration necessary for the particular machine. Installing and configuring fail2ban is pretty straightforward for Ubuntu, but since I needed to look up the directions again, I figured I’d replicate them here.

Install Fail2Ban

sudo apt-get install -y fail2ban

Configure Jails

First we’ll set up a jail for SSH by opening jail.local in an editor and adding an [sshd] section:

sudo vim /etc/fail2ban/jail.local

[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

Now restart fail2ban.

sudo systemctl restart fail2ban

Future Work

I use the Caddy webserver a lot; unfortunately, there’s not a lot out there about doing bad actor analysis for Caddy. In the future I plan to modify some of the Apache2 Fail2Ban configurations to do similar work for Caddy. Stay tuned!