Setup fail2ban in Ubuntu
This article is based on Ubuntu 16.04 LTS.
Installation
apt install fail2ban
Create configuration for local jails
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Create jail for SSH
cat << eot > /etc/fail2ban/jail.local
# SSH servers, will ban for 30 days
[sshd]
port = ssh
logpath = %(sshd_log)s
maxretry = 2
# time in seconds
bantime = 2592000
eot
The jail above is enabled by default, so restart the service
/etc/init.d/fail2ban restart
Check the status of sshd jail
fail2ban-client status sshd
Create jail for Asterisk
cat << eot >> /etc/fail2ban/jail.local
# Jail for Asterisk PBX
[asterisk]
port = 5060,5061
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
         %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
         %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath = /var/log/asterisk/messages
          /var/log/asterisk/security
maxretry = 2
bantime = 2592000
eot
Now enable the above jail
cat << eot >> /etc/fail2ban/jail.d/defaults-debian.conf
[asterisk]
enabled = true
eot
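Before restarting, the jail file can be checked for two things the fail2ban config parser is strict about: continuation lines of a multi-line value (action, logpath) must be indented, and # only starts a comment at the beginning of a line (see jail.conf(5)). The script below is an added example, not part of the original article; lint_jail, sample_bad and sample_good are names made up for it, and both sample jails are constructed.

```shell
#!/bin/sh
# Added example: lint a fail2ban jail file for two parser pitfalls.
# lint_jail [FILE]: reads FILE (or stdin), prints findings, exits 1 if any.
lint_jail() {
    awk '
        /^[ \t]*$/       { next }   # blank line
        /^[ \t]*[#;]/    { next }   # whole-line comment
        /^\[.*\][ \t]*$/ { next }   # section header such as [asterisk]
        /^[ \t]/         { next }   # indented continuation of the previous value
        /^[A-Za-z_][A-Za-z0-9_.-]*[ \t]*[=:]/ {
            if ($0 ~ /[ \t]#/) { printf "%d: text after # stays in the value: %s\n", NR, $0; bad++ }
            next
        }
        { printf "%d: continuation line is not indented: %s\n", NR, $0; bad++ }
        END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample: asterisk jail with both problems.
sample_bad() {
    cat <<'EOT'
[asterisk]
port = 5060,5061
logpath = /var/log/asterisk/messages
/var/log/asterisk/security
maxretry = 2
bantime = 2592000 # time in seconds
EOT
}

# Constructed sample: the same jail written so that it parses as intended.
sample_good() {
    cat <<'EOT'
[asterisk]
port = 5060,5061
logpath = /var/log/asterisk/messages
          /var/log/asterisk/security
maxretry = 2
# time in seconds
bantime = 2592000
EOT
}

sample_bad | lint_jail || echo "fix the lines above before restarting fail2ban"
sample_good | lint_jail && echo "sample_good: no findings"
# On a real host: lint_jail /etc/fail2ban/jail.local
```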
Restart fail2ban service
/etc/init.d/fail2ban restart
Unban IP address
fail2ban-client set asterisk unbanip xxx.xxx.xxx.xxx
Ignore subnet from ban
fail2ban-client set asterisk addignoreip xxx.xxx.xxx.xxx/24
Remove subnet from the ignore list
fail2ban-client set asterisk delignoreip xxx.xxx.xxx.xxx/24