1 02. Installing Fail2Ban
Asif Bacchus edited this page 3 years ago

Installing an up-to-date Fail2Ban (Debian/Ubuntu)

The F2B version available via apt for Debian/Ubuntu is old and does not support IP6 (as at the time of this document being written). So let's grab a newer version from the source at github.

Note: Only versions 0.10+ offer IP6 support.

  • Switch to your home directory or somewhere you can work with downloaded files.

  • Get the latest version of Fail2Ban, switch to the created directory and install it using the python installer script.

    # get latest fail2ban version
    git clone https://github.com/fail2ban/fail2ban.git
    # change to the newly created directory containing f2b
    cd fail2ban
    # run the installer
    sudo python setup.py install
  • Let's test the installation by running fail2ban-client. If it displays the help screen, then things are probably set up properly.

    fail2ban-client -h
  • Now, let's configure systemd to load fail2ban automatically on system start-up.

    # copy the service file to the correct location
    sudo cp files/debian-initd /etc/init.d/fail2ban
    # tell systemd to refresh itself to recognize the new service
    sudo update-rc.d fail2ban defaults
  • Let's go ahead and start the service to make sure it doesn't run into any problems. You should not see any errors reported and should have a pleasant 'green dot' showing up.

  • --full --no-pager means display everything and wrap output so it isn't cut off and we can actually read it!

    # start the service
    sudo systemctl start fail2ban.service
    # check it's status for any errors
    sudo systemctl --full --no-pager status fail2ban.service
  • One more test just to be sure everything is set up. You should see f2b report it's version without any errors being generated.

    fail2ban-client version

That's it! Fail2Ban is set up and running on your system. Now we have to apply our configuration.