How to configure Fail2Ban in Ubuntu 16.04

If you have set up a Linux server, you may be unaware of how many times someone has attempted to compromise it. Any server that is open to the web has surely had bots trying to gain access to it by bombarding it with default username and password guesses. They attempt to exploit your SSH and web ports to gain access. Thankfully, fail2ban can help stop these login attempts.

SSH is still a very secure network protocol for accessing a remote server. Once you are connected to a remote server, all communications between you and the host are cryptographically secured, much like HTTPS traffic is secured with SSL. Setting up SSH to connect to a remote server does have some inherent risks, however, since a port must be publicly open to initiate a session. These risks can be mitigated with fail2ban, a service that automatically modifies iptables based on the number of failed login attempts from an IP address.

If fail2ban determines that an IP address has unsuccessfully attempted to log in enough times, it adds an entry to iptables. Iptables, a command-line firewall utility, will then drop any incoming connection from that IP address. This prevents a brute-force attack by limiting the number of login attempts the attacker is able to perform.
