Getting fail2ban working on Ubuntu 20.04

Any Linux system that’s exposed to the world tends to get a lot of hack attempts at it. I’ve typically run fail2ban on mine to try to mitigate this, but on Ubuntu 20.04 I was unable to get it to actually detect various attempts.

There are a lot of tutorials out there for fail2ban in general and even several on older versions of Ubuntu, but there’s one slight change on 20.04 (or maybe even an earlier version) which makes them not work. After a lot of hair-pulling I found one particular tutorial which had, buried almost in the marginalia, the magic thing I needed to get it working: basically, you need to use the systemd log scanning backend, as none of the others seem to actually have access to the logs themselves, at least not without a lot of hassle.

So, the short version: add backend = systemd to the [DEFAULT] section of /etc/fail2ban/jail.local. But read on for some sshd configuration notes as well!

Read more…