How To Install Fail2Ban on Manjaro
In this tutorial, we will show you how to install Fail2Ban on Manjaro. Fail2Ban is intrusion prevention software that works by analyzing log files, detecting failed login attempts, and then taking action, such as banning the IP address from further login attempts for a specific period. It is particularly effective at protecting against brute-force attacks, where an attacker repeatedly tries to guess a password or access a resource. Fail2Ban can also protect against port scanning tools used by attackers to identify open ports on a server that they can exploit.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will show you the step-by-step installation of Fail2Ban on Manjaro Linux.
Prerequisites
- A server or desktop running Manjaro or another Arch-based distribution.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A stable internet connection is crucial for downloading and installing packages. Verify your connection before proceeding.
- Access to a Manjaro Linux system with a non-root sudo user or root user.
Install Fail2Ban on Manjaro
Step 1. Before installing any new software, it’s a good practice to update your package database. This ensures that you’re installing the latest version of the software and that all dependencies are up to date. To update the package database, run the following command in the terminal:
sudo pacman -Syu
Step 2. Installing Fail2Ban on Manjaro.
Once the system repositories are updated, you can install Fail2Ban using the following command:
sudo pacman -S fail2ban
This command will download and install Fail2Ban on your Manjaro system. After the installation is complete, you can verify that Fail2Ban has been installed correctly by checking its version with the following command:
fail2ban-client --version
After installing Fail2Ban, you need to start the Fail2Ban service. You can do this with the following command:
sudo systemctl start fail2ban
To ensure that Fail2Ban starts automatically at system boot, you need to enable it. You can do this with the following command:
sudo systemctl enable fail2ban
You can check the status of the Fail2Ban service with the following command:
sudo systemctl status fail2ban
Step 3. Configuring Fail2Ban.
Fail2Ban is configured through several files located within a hierarchy under the /etc/fail2ban/ directory. The main configuration is specified in the files that define the per-application “jails”. By default, Fail2Ban ships with a jail.conf file. However, to preserve custom settings, it’s recommended to create a local copy of the configuration file named jail.local. You can do this with the following command:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- Setting Up Jails
Jails are a key feature of Fail2Ban. When a service, such as SSHd, is jailed, Fail2Ban will continuously monitor the log(s) of that service for possible repeated attempts. If a given number of attempts is detected within a particular time window, a blocking rule is automatically set for a given time. These jails are configured in the jail.local file.
For example, to jail the SSH service, you can add the following lines to the jail.local file:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 600
This configuration will enable the SSH jail and set the port to ssh, use the sshd filter, set the log path to /var/log/auth.log, set the maximum retry attempts to 3, and set the ban time to 600 seconds.
- Customizing Ban Settings
You can customize the ban settings by setting parameters like bantime, findtime, and maxretry in the jail.local file. For example, to change the default ban time to 1 day, you can add the following lines to the jail.local file:
[DEFAULT]
bantime = 1d
- Whitelisting IP Addresses
You can whitelist trusted IP addresses using the ignoreip parameter in the jail.local file. For example, to whitelist the IP address 192.168.1.100, you can add the following lines to the jail.local file:
[DEFAULT]
ignoreip = 192.168.1.100
This configuration will prevent the IP address 192.168.1.100 from being banned.
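To make the jail, ban and whitelist settings above concrete, the following added example (not Fail2Ban's code and not from the original tutorial) replays constructed sshd log lines and reports which addresses would reach maxretry inside the time window while skipping the ignoreip address. The 600-second findtime, the sample log lines and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration of jail counting; this is not Fail2Ban's own code.
MAXRETRY=3                 # maxretry from the [sshd] jail above
FINDTIME=600               # assumed window in seconds (findtime is not set on this page)
IGNOREIP="192.168.1.100"   # ignoreip from the whitelist example above

# Constructed sshd failures, all on one day so clock times can be compared.
sample_log() {
cat <<'EOF'
Jan 10 10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 10:00:09 host sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 10:00:15 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Jan 10 10:01:00 host sshd[820]: Failed password for alice from 198.51.100.4 port 40022 ssh2
Jan 10 10:20:00 host sshd[830]: Failed password for alice from 198.51.100.4 port 40031 ssh2
Jan 10 10:40:00 host sshd[840]: Failed password for alice from 198.51.100.4 port 40040 ssh2
Jan 10 10:41:00 host sshd[850]: Failed password for bob from 192.168.1.100 port 41000 ssh2
Jan 10 10:41:05 host sshd[850]: Failed password for bob from 192.168.1.100 port 41000 ssh2
Jan 10 10:41:09 host sshd[850]: Failed password for bob from 192.168.1.100 port 41000 ssh2
EOF
}

# Print each address that reaches MAXRETRY failures within FINDTIME seconds.
would_ban() {
  awk -v max="$MAXRETRY" -v win="$FINDTIME" -v ignore="$IGNOREIP" '
    BEGIN { n = split(ignore, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    /sshd\[[0-9]+\]: Failed password for / {
      ip = ""
      for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)   # last "from" wins
      if (ip == "" || (ip in skip) || (ip in banned)) next
      split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
      cnt[ip]++; ts[ip, cnt[ip]] = now
      hits = 0   # failures from this address still inside the window
      for (k = 1; k <= cnt[ip]; k++) if (now - ts[ip, k] <= win) hits++
      if (hits >= max) { banned[ip] = 1; print ip }
    }'
}

sample_log | would_ban
```

With the values shown, only 203.0.113.7 is reported: 198.51.100.4 spreads its three failures over 39 minutes, and 192.168.1.100 is whitelisted.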
- Configuring Log Files
Fail2Ban operates by monitoring log files for selected entries. You can specify the log files to be monitored in the jail.local file. For example, to monitor the /var/log/auth.log file for the SSH service, you can add the following lines to the jail.local file:
[sshd]
logpath = /var/log/auth.log
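On Arch-based systems sshd often logs only to the systemd journal, so the file named in logpath may not exist. The added check below (not part of Fail2Ban or the original tutorial) reads a jail section and reports whether its log source is usable; it assumes literal values in the jail's own section, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of Fail2Ban: check a jail's log source before restarting.

# Print the value of KEY inside [SECTION] of an ini-style FILE (last one wins).
jail_value() {   # usage: jail_value FILE SECTION KEY
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*[#;]/ { next }                                  # skip comment lines
    /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }     # remember the section
    cur == sec {
      eq = index($0, "="); if (!eq) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { if (val != "") print val }' "$1"
}

# Return 0 when the jail has a usable log source, 1 when it does not,
# 2 when the values are interpolated (%(...)s) and cannot be checked here.
check_log_source() {   # usage: check_log_source FILE JAIL
  backend=$(jail_value "$1" "$2" backend)
  logpath=$(jail_value "$1" "$2" logpath)
  case "$logpath$backend" in
    *'%('*) echo "$2: uses interpolated values, not checked"; return 2 ;;
  esac
  if [ "$backend" = "systemd" ]; then
    echo "$2: reads the systemd journal"; return 0
  fi
  if [ -n "$logpath" ] && [ -r "$logpath" ]; then
    echo "$2: reads $logpath"; return 0
  fi
  echo "$2: logpath '${logpath:-unset}' is not readable; if sshd logs only to the journal, set backend = systemd"
  return 1
}

# Run against the real file only when it exists.
if [ -r /etc/fail2ban/jail.local ]; then
  check_log_source /etc/fail2ban/jail.local sshd
fi
```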
Step 4. Testing the SSH Brute-Force Protection.
Verifying that the jail is working correctly is an important step before relying on Fail2Ban for security. We will manually trigger bans to ensure traffic from an offender IP is blocked as per the maxretry limit set previously.
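One way to carry out this check with fail2ban-client, as an added example that is not from the original tutorial: it bans a test address in the sshd jail, confirms it in the jail status, and unbans it. The address 203.0.113.10, the constructed status text and the function names are assumptions, and a manual ban exercises the ban action rather than the log filter.

```shell
#!/bin/sh
# Added example: confirm the sshd jail applies and releases a ban.
JAIL=sshd
TEST_IP=203.0.113.10   # documentation-range address, assumed unused on your network

# Read `fail2ban-client status JAIL` output on stdin; print banned IPs, one per line.
banned_ips() {
  sed -n 's/^.*Banned IP list:[[:space:]]*//p' | tr -s ' ' '\n' | sed '/^$/d'
}

# Succeed if the address in $1 is listed as banned in the status text on stdin.
is_banned() {
  banned_ips | grep -Fxq -- "$1"
}

# Constructed status text in the layout fail2ban-client prints, for offline checks.
sample_status() {
cat <<'EOF'
Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     7
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 2
   |- Total banned:     2
   `- Banned IP list:   203.0.113.10 198.51.100.4
EOF
}

# Live check: ban, verify, unban, verify. This tests the ban action only.
live_test() {
  fail2ban-client set "$JAIL" banip "$TEST_IP" >/dev/null || return 1
  fail2ban-client status "$JAIL" | is_banned "$TEST_IP" || { echo "ban not applied"; return 1; }
  fail2ban-client set "$JAIL" unbanip "$TEST_IP" >/dev/null || return 1
  if fail2ban-client status "$JAIL" | is_banned "$TEST_IP"; then
    echo "unban failed"; return 1
  fi
  echo "jail $JAIL bans and releases $TEST_IP as expected"
}

# Only touch the running service as root on a host that has fail2ban-client.
if command -v fail2ban-client >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
  live_test
fi
```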
Congratulations! You have successfully installed Fail2Ban. Thanks for using this tutorial to install the latest version of Fail2Ban on the Manjaro system. For additional help or useful information, we recommend you check the official Fail2Ban website.