# Install fail2ban

Fail2Ban is a security layer that reduces the number of attempts unknown IPs can make to break in to your server. You configure it by setting the following parameters in the file 'jail.conf':

```
#ignoreip = 127.0.0.1/8 ::1
#bantime = 10m
#findtime = 10m
#maxretry = 5

[sshd]
```

Remember to remove the hash '#' before each parameter for it to take effect.

Now let's install fail2ban:

```
sudo apt install fail2ban
```

<figure><img src="https://1333520747-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjnxYeTEvdhQuzHnaDHIu%2Fuploads%2FS9RMLuhFFevNLC6mO4Ks%2Fp37.png?alt=media&#x26;token=434a4965-d136-446c-9ecd-216a5c7b36ff" alt=""><figcaption></figcaption></figure>

```
cd /etc/fail2ban
```

```
ls
```

```
action.d  fail2ban.conf  fail2ban.d  filter.d  jail.conf  paths-arch.conf  paths-common.conf
paths-debian.conf  paths-opensuse.conf
```

<figure><img src="https://1333520747-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjnxYeTEvdhQuzHnaDHIu%2Fuploads%2F7bu6T0D5uq1qVx9vW7uA%2Fp38.png?alt=media&#x26;token=31411bb1-18f5-4c9c-82ce-2d42a9518dac" alt=""><figcaption></figcaption></figure>

Let's see the contents of the file 'jail.conf'.

<figure><img src="https://1333520747-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjnxYeTEvdhQuzHnaDHIu%2Fuploads%2FXCx6OgIbGWVTIorCThD0%2Fp39.png?alt=media&#x26;token=4c6dcd2c-ce55-4f2e-a746-45f932e258cd" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1333520747-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjnxYeTEvdhQuzHnaDHIu%2Fuploads%2F43juA3KFJQw9rej2woXB%2Fp40.png?alt=media&#x26;token=f3645088-7021-48f3-be11-a097931618a8" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1333520747-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjnxYeTEvdhQuzHnaDHIu%2Fuploads%2FrmxEBbGdwmsXDYA7b82e%2Fp41.png?alt=media&#x26;token=025752ca-d5bc-4728-ac30-4b3f03eabc18" alt=""><figcaption></figcaption></figure>

We need to change the parameters in the file 'jail.conf'. But if we edit that file directly, it gets overwritten and restored to its default settings when the Ubuntu system packages are updated. To avoid this, copy 'jail.conf' to 'jail.local'.

```
sudo cp jail.conf jail.local
```

<figure><img src="https://1333520747-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjnxYeTEvdhQuzHnaDHIu%2Fuploads%2FSvMJ9Ke7jjxYEsKqJISt%2Fp42.png?alt=media&#x26;token=e98b591c-6744-4710-b4b9-c8ded0c35df9" alt=""><figcaption></figcaption></figure>

Now let's change the parameters in the file 'jail.local'.

```
sudo nano jail.local
```

<figure><img src="https://1333520747-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjnxYeTEvdhQuzHnaDHIu%2Fuploads%2Fii2TIKK3sP7OuTNXszL7%2Fp43.png?alt=media&#x26;token=b6442867-027f-4ee8-982c-9eb623243ba3" alt=""><figcaption></figcaption></figure>

In 'ignoreip', add your local computer's IP address after '127.0.0.1/8 ::1', separated by a space. Use one of the following forms:

```
ignoreip = 127.0.0.1/8 ::1 192.163.6.4
ignoreip = 127.0.0.1/8 ::1 192.163.6.4/24
ignoreip = 127.0.0.1/8 ::1 192.163.6.4/32
```

Put '/24' after your local computer's IP address if you don't want IPs coming from your local network to get banned, and put '/32' if only that single IPv4 address should be exempt from bans. For details about IPv4 CIDR blocks, see the Wikipedia page [here](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).

<figure><img src="https://1333520747-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjnxYeTEvdhQuzHnaDHIu%2Fuploads%2FB46qHBvD0Fd23zcSeoA6%2Fp46.png?alt=media&#x26;token=64a1a3a7-ef3a-4d35-ba83-332ebb4bbd06" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1333520747-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjnxYeTEvdhQuzHnaDHIu%2Fuploads%2FQUn7qELzZHWlgscrkgeo%2Fp44.png?alt=media&#x26;token=b44118d7-5392-40ad-b322-ad2461f73677" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1333520747-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjnxYeTEvdhQuzHnaDHIu%2Fuploads%2Fufa0SLqKQklEj2emEUsy%2Fp45.png?alt=media&#x26;token=461ce792-f47f-42cc-9f20-06aae66db814" alt=""><figcaption></figcaption></figure>

Keep bantime, findtime and maxretry at their default settings, i.e. 'bantime = 10m', 'findtime = 10m', 'maxretry = 5', as these are sufficient to keep bad actors from re-attempting to break into your server.

Under [sshd], enter the line 'enabled = true' and change the port to your SSH port. If it is port 22, you can simply keep it as 'ssh'.

<figure><img src="https://1333520747-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjnxYeTEvdhQuzHnaDHIu%2Fuploads%2FCT0eXWBmC4izxcxcVENR%2Fp47.png?alt=media&#x26;token=7cbf9135-874e-4cd9-8e2c-5f8c681bcc5f" alt=""><figcaption></figcaption></figure>

Restart fail2ban for the settings to take effect:

```
sudo systemctl restart fail2ban
```
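The 'ignoreip' CIDR forms and the edits to 'jail.local' described above can be checked offline before restarting the service. The following Python is an added example, not part of the original guide or of fail2ban itself: the function names `load`, `is_ignored` and `problems` are hypothetical, the sample file is constructed from the values on this page, and 'ignoreip' entries are assumed to be IP addresses or CIDR blocks.

```python
import configparser
import ipaddress

# Constructed sample of an edited jail.local; values are the ones used on this page.
SAMPLE_JAIL_LOCAL = """
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1 192.163.6.4/24
bantime = 10m
findtime = 10m
#maxretry = 5

[sshd]
enabled = true
port = ssh
"""

def load(text):
    # interpolation=None: leave fail2ban's %(name)s substitutions untouched.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def is_ignored(cp, addr):
    """True if addr is covered by any space-separated ignoreip entry."""
    ip = ipaddress.ip_address(addr)
    for entry in cp["DEFAULT"].get("ignoreip", "").split():
        try:
            # strict=False accepts host bits: 192.163.6.4/24 -> 192.163.6.0/24
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # not an IP/CIDR entry (e.g. a hostname); skipped here
        if ip.version == net.version and ip in net:
            return True
    return False

def problems(cp):
    """List findings for the settings this page edits."""
    found = []
    for key in ("ignoreip", "bantime", "findtime", "maxretry"):
        if key not in cp["DEFAULT"]:
            found.append(f"{key} is missing or still commented out")
    value = cp["DEFAULT"].get("maxretry")
    if value is not None and not value.isdigit():
        found.append("maxretry must be a whole number of failures")
    if not cp.has_section("sshd") or not cp["sshd"].getboolean("enabled", fallback=False):
        found.append("[sshd] jail is not enabled")
    return found
```

With the sample above, `problems(load(SAMPLE_JAIL_LOCAL))` reports only the commented-out 'maxretry', and `is_ignored` returns True for any 192.163.6.x address because of the '/24'.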
