Open Support Ticket
24/7 customer support
Open Support Ticket
English
How to Install and Configure Fail2Ban on Ubuntu
Fail2Ban is a vital security tool that protects Linux servers from brute-force attacks by monitoring logs and banning malicious IPs. This guide simplifies installing and configuring Fail2Ban on Ubuntu, with practical examples and tips to secure your VPS or dedicated server effectively.
Why Use Fail2Ban?
Fail2Ban enhances server security by:
Blocking IPs after repeated failed login attempts.
Protecting services like SSH, web servers, or email.
Reducing the risk of unauthorized access.
Automating firewall rules for efficiency.
Installing Fail2Ban
First, update your package list and install Fail2Ban using the following commands:
sudo apt update
sudo apt install fail2ban -yOnce installed, start and enable the Fail2Ban service:
sudo systemctl start fail2ban
sudo systemctl enable fail2banСonfiguring Fail2Ban
The default configuration file for Fail2Ban is located at /etc/fail2ban/jail.conf. However, it is recommended to create a custom configuration file to prevent changes from being overwritten during updates.
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.localEdit the configuration file using a text editor:
sudo nano /etc/fail2ban/jail.localKey Configuration Settings
- bantime: Defines the duration (in seconds) for which an IP address will be banned.
- findtime: Specifies the time window for detecting multiple failed attempts.
- maxretry: Number of failed login attempts before an IP gets banned.
- ignoreip: List of trusted IP addresses that should not be banned.
Example settings:
[DEFAULT]
bantime = 600
findtime = 600
maxretry = 5
ignoreip = 127.0.0.1/8Enabling Fail2Ban for SSH
To enable Fail2Ban for SSH protection, ensure the following section is present in jail.local:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3Save the file and restart Fail2Ban:
sudo systemctl restart fail2banChecking Fail2Ban Status
To verify that Fail2Ban is working correctly, use the following command:
sudo fail2ban-client statusTo check the status of a specific jail (e.g., SSH):
sudo fail2ban-client status sshdUnbanning an IP Address
If a legitimate IP address gets banned, you can unban it using:
sudo fail2ban-client set sshd unbanip <IP_ADDRESS>Conclusion
Fail2Ban is a straightforward yet powerful tool to secure your Ubuntu server against brute-force attacks. By installing, configuring, and testing it with the examples above, you can protect services like SSH and reduce risks. Paired with AvaHost’s reliable VPS or dedicated servers, Fail2Ban ensures your hosting environment stays secure and resilient with minimal effort.
Related Posts
Linux ss Command
Mastering Network Monitoring with the ss Command In the fast-paced world of network administration, having the right tools to monitor...
What is a Domain Extension?
A domain extension, or top-level domain (TLD), is the final piece of a website’s address, like .com or .org, following...
Using the mkfs Command in Linux for Formatting a Filesystem on a Disk or Partition
The mkfs (Make Filesystem) command in Linux is used to create a new filesystem on a disk partition or storage...