System information

Installation
Fail2ban is available as a package in many distributions. Alternatively, you can install
it from source by downloading it from the Fail2ban website. To install it on Ubuntu,
use the following command:
$ sudo apt-get install fail2ban
To install Fail2ban on CentOS, you must have the EPEL repository enabled. For more
information on the EPEL repository, see “Third-Party Repositories” on page 46. Once
the repository is enabled, Fail2ban can be installed by running the following command:
$ sudo yum install fail2ban
The installation of Fail2ban from a package will include an init script to
ensure that it runs when the machine boots up. If you install from
source, make sure that you take the necessary steps to ensure that
Fail2ban is always running.
iptables
For Fail2ban to be able to do anything useful after it detects an attack, you must also
have iptables installed. To install it on Ubuntu, use the following command:
$ sudo apt-get install iptables
To install iptables on CentOS, use this command:
$ sudo yum install iptables
You can verify that iptables has been installed by running the iptables command. The
-L option requests that the current firewall rules be displayed. In this case, there are no
rules configured:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
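As an added example (not from the book), the following shell functions condense iptables -L output to one line per chain, so an empty ruleset like the one above can be told apart from one that already holds rules. Both sample rulesets are constructed; the chain name fail2ban-ssh and the address 192.0.2.10 are assumptions for illustration.

```shell
# Added example: summarize `iptables -L` output (read from stdin) as
# "<chain> <policy> <rule-count>"; user-defined chains get policy "-".
# Live use: sudo iptables -L | summarize_chains
summarize_chains() {
    awk '
        /^Chain / {
            if (chain != "") print chain, policy, rules
            chain = $2; rules = 0; policy = "-"
            # Built-in: "Chain INPUT (policy ACCEPT)"; user: "Chain x (1 references)"
            if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
            next
        }
        /^[ \t]*(pkts|target)[ \t]/ || /^[ \t]*$/ { next }  # header, blank
        chain != "" { rules++ }
        END { if (chain != "") print chain, policy, rules }
    '
}

# Succeeds (exit 0) only when no chain contains any rule.
ruleset_is_empty() {
    summarize_chains | awk '$3 > 0 { found = 1 } END { exit (found ? 1 : 0) }'
}

# Constructed sample 1: the empty ruleset shown above.
EMPTY_SAMPLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample 2: hypothetical ruleset after a ban; the chain name
# fail2ban-ssh and the address 192.0.2.10 are assumptions for illustration.
BANNED_SAMPLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
DROP       all  --  192.0.2.10           anywhere
RETURN     all  --  anywhere             anywhere'
```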
Sending email
It is both interesting and useful to have Fail2ban email the system administrator when
it bans an IP address. For this to work, an MTA must be installed. If you are not sure
which one to use, Postfix is the one that was used during testing for this chapter. To
install Postfix on Ubuntu, use the following command. The installer may ask you to
answer a couple of questions:
568 | Chapter 26:Security