Want to install Fail2Ban on a Linux Mint 21 system to help prevent brute-force attacks? This guide will walk you through the installation and configuration process.
Fail2Ban is an open-source intrusion prevention framework. It works by monitoring log files for failed login attempts and other suspicious activity. Once it detects too many failed logins or malicious behavior from an IP address, Fail2Ban blocks that IP address, preventing further attacks.
One of the many advantages it has is that it is compatible with many common services, including SSH, Apache, and Postfix. By analyzing the log files for these services, Fail2Ban can block IP addresses involved in brute-force attacks, web application attacks, email-based attacks, and more.
Without wasting any more of your time, let’s dive right into the post.
Which Attacks Does Fail2Ban Prevent?
Fail2Ban acts as a crucial shield against various malicious attacks. Here are some of the critical attack types that Fail2Ban can effectively prevent:
- Distributed Denial of Service (DDoS) attacks
- Brute-force attacks
- Web application attacks
- Email-based attacks
- Malicious bot activity
- Firewall evasion techniques and port scanning
What You’ll Need
To install Fail2Ban on Linux Mint 21, you will need:
- A fully functioning Linux Mint 21 system.
- Administrative privileges (you will need to run commands with sudo)
- A stable internet connection to download updates and packages
- The APT package manager.
If you have all the above requirements, you can proceed with the installation steps below.
How to Install Fail2Ban on Linux Mint 21: Step-by-Step
Step 1: Update Package Lists
The first thing to do is to update the package lists for available software. It is considered a best practice as it checks for updates to all software repositories configured on the system. To perform the update, use the below command:
sudo apt update
Step 2: Upgrade Installed Packages
- Next, we will upgrade the installed packages to their latest versions. Doing this fetches the latest versions from the repositories and replaces the older ones. To upgrade packages to the latest versions, use the below command:
sudo apt upgrade
- After you enter the command, if any packages are available to upgrade, the terminal asks you to confirm the additional disk space that will be used. Enter ‘Y’ to continue with the package upgrade.
Step 3: Install Fail2Ban
- Installing Fail2Ban is extremely easy and can be done using a single command. Note that the command needs administrative privileges (root user) to work. Here is the command to install Fail2Ban on Linux Mint 21:
sudo apt install fail2ban
- After you enter the above command, the terminal will ask you to confirm the additional disk space that will be used. Enter ‘Y’ to continue with the installation of Fail2Ban.
- Once the installation is done successfully, verify the state of Fail2Ban. As we have installed it for the first time, the system will set up Fail2Ban with default configurations. You will need to configure it (as shown in the next section below) and enable it to update the state of Fail2Ban. For now, here is the command to check the status of Fail2Ban:
sudo systemctl status fail2ban
The systemctl command is used to manage and control system services. In the output of the above systemctl command, you can see the status of Fail2Ban as inactive.
Step 4: Configure Fail2Ban
- After installing Fail2Ban, all its configuration files are inside the /etc/fail2ban directory. Use the below command to list the Fail2Ban configuration files:
sudo ls -l /etc/fail2ban/
- Among the above configuration files, “jail.conf” is the main file. Open it using any text editor; adding the “enabled = true” line to a service's section enables any Fail2Ban-compatible service you choose.
Note: We advise you to create a new configuration file named after the specific service in the /etc/fail2ban/jail.d/ directory for ease of maintenance, customization, and overrides.
You can add any compatible service on Fail2Ban. For the purposes of this guide, we have considered SSH which will be shown in the next few steps.
Configuring SSH using Fail2Ban
- Start by manually creating a local jail file for SSH, “sshd.conf”, using the below command:
sudo nano /etc/fail2ban/jail.d/sshd.conf
- Once the file for SSH is created in the jail.d directory and open in the Nano editor, add the following lines:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 120
ignoreip = whitelist-IP
- Save the sshd.conf file and restart the Fail2Ban service to apply the changes:
sudo systemctl restart fail2ban
- Verify that the SSH jail is activated by using the below command. If it is successfully activated, you will see it in the jail list:
sudo fail2ban-client status
- (Optional) If you need a more detailed current status of the SSH jail in Fail2Ban, use the below command. The argument is the jail name from the [sshd] section header:
sudo fail2ban-client status sshd
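To see what maxretry = 3 and ignoreip mean against actual sshd log lines, the following added example (not part of the original guide and not Fail2Ban's own code) tallies failed-password entries per source address in a constructed auth.log sample. The function names, hostnames and addresses are assumptions, and it counts over the whole sample rather than within the time window Fail2Ban applies.

```shell
#!/bin/sh
# Constructed sshd entries in the /var/log/auth.log format (not real data).
sample_log() {
cat <<'EOF'
Mar 10 09:14:01 mint sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 09:14:04 mint sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 09:14:09 mint sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar 10 09:15:30 mint sshd[2110]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar 10 09:15:41 mint sshd[2110]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Mar 10 09:16:02 mint sshd[2120]: Failed password for backup from 192.0.2.10 port 33810 ssh2
Mar 10 09:16:05 mint sshd[2120]: Failed password for backup from 192.0.2.10 port 33810 ssh2
Mar 10 09:16:08 mint sshd[2120]: Failed password for backup from 192.0.2.10 port 33810 ssh2
EOF
}

# over_threshold MAXRETRY IGNOREIP
# Reads log lines on stdin and prints "ip count" for every source address that
# reached MAXRETRY failed passwords, skipping the one ignored address.
over_threshold() {
    awk -v max="$1" -v ignore="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            # Scan from the right: a user name may itself be "from", so the
            # address is the field after the LAST "from" on the line.
            for (i = NF; i > 1; i--) if ($(i - 1) == "from") { ip = $i; break }
            if (ip != "" && ip != ignore) fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= max) print ip, fails[ip] }
    ' | sort
}

# Values from the jail above: maxretry = 3, with 192.0.2.10 standing in for
# the address you would put in ignoreip.
sample_log | over_threshold 3 192.0.2.10
```

Only 203.0.113.7 is reported: 198.51.100.20 has a single failure before a successful login, and 192.0.2.10 is skipped because it is the ignored address.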
Step 5: Enable Fail2Ban
Once you have restarted the Fail2Ban service on your Linux Mint 21 device, you may notice an error – “Is fail2ban running?” (as shown in the screenshot below) when you try to use Fail2Ban after a reboot.
Here are steps to fix the “Is fail2ban running?” error:
- Enable Fail2Ban manually for the first time. Here is the command to enable Fail2Ban:
sudo systemctl enable fail2ban
- Once Fail2ban is enabled manually, start it using the below command:
sudo systemctl start fail2ban
- After you have enabled and started Fail2Ban, verify the status using the below command, and the terminal should display it as active:
sudo systemctl status fail2ban
What to Do If You Get Fail2Ban Inactive Status Issue?
If Fail2Ban isn’t active, you might have made some mistakes with the installation or configuration. Repeat the sections (Install Fail2Ban and Configure Fail2Ban) above after uninstalling Fail2Ban using the below command:
sudo apt remove fail2ban
That’s pretty much it! You have now successfully installed and implemented Fail2Ban on your Linux Mint 21 machine. The configuration part of this guide is for reference, and the commands may vary depending on each service. Should you encounter the Fail2Ban inactive issue, you can try the troubleshooting steps above.