Securing your Linux server is a critical task for every sysadmin. One of the simplest yet most effective ways to guard against brute-force login attempts is by using Fail2Ban. In this article, we’ll walk through how to install, configure, and customize Fail2Ban on Ubuntu.
📌 What is Fail2Ban?
Fail2Ban is a Python-based intrusion prevention system that monitors system logs and automatically bans IP addresses that show malicious signs, such as too many failed login attempts. It does this by updating firewall rules to reject those IPs for a defined period.
📦 Step 1: Install Fail2Ban
Fail2Ban is available in Ubuntu’s default repository. To install it:
sudo apt update
sudo apt install fail2ban
Once installed, enable and start the service:
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
🛠 Step 2: Configure Fail2Ban
Instead of editing the default config file, copy it to a local configuration file so that package upgrades do not overwrite your changes:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now open the jail.local file:
sudo nano /etc/fail2ban/jail.local
Key parameters to review:
- ignoreip: Whitelist your own IP
- bantime: How long an IP is banned, in seconds or with a suffix such as m or h (default is 10 minutes)
- findtime: The time window to count failures
- maxretry: Number of allowed failures before banning
Example:
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
ignoreip = 127.0.0.1/8 192.168.1.100
🔒 Step 3: Enable the SSH Jail
By default, Fail2Ban comes with a jail for SSH. You can enable it by modifying or adding this section in jail.local:
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 3
This will ban an IP after 3 failed SSH login attempts.
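To see how maxretry, findtime, bantime and ignoreip interact, here is a simplified model of the counting logic, added as an illustration (it is not Fail2Ban's own code). It uses the values from this page; the log lines, the host name web1 and the single-message regex are constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the jail.local examples on this page.
FINDTIME = timedelta(minutes=10)
BANTIME = timedelta(hours=1)
MAXRETRY = 3
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in ("127.0.0.1/8", "192.168.1.100")]

# Assumption: simplified pattern; Fail2Ban's shipped sshd filter matches far more variants.
FAILED = re.compile(r"^(\S+ +\d+ [\d:]+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

# Constructed sample log (documentation address ranges, hypothetical host "web1").
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:00:05 web1 sshd[812]: Failed password for invalid user admin from 198.51.100.23 port 5121 ssh2
Mar  3 10:01:00 web1 sshd[813]: Failed password for deploy from 192.168.1.100 port 6001 ssh2
Mar  3 10:01:05 web1 sshd[814]: Failed password for deploy from 192.168.1.100 port 6002 ssh2
Mar  3 10:01:09 web1 sshd[815]: Failed password for deploy from 192.168.1.100 port 6003 ssh2
Mar  3 10:02:10 web1 sshd[816]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  3 10:04:30 web1 sshd[817]: Failed password for root from 203.0.113.7 port 40141 ssh2
Mar  3 10:08:00 web1 sshd[818]: Failed password for invalid user admin from 198.51.100.23 port 5130 ssh2
Mar  3 10:15:00 web1 sshd[819]: Failed password for invalid user admin from 198.51.100.23 port 5144 ssh2
"""

def simulate(log_text, year=2024):
    """Return {ip: (ban_start, ban_end)} for IPs reaching MAXRETRY failures within FINDTIME."""
    failures, bans = defaultdict(deque), {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue  # ignoreip: failures are never counted, so no ban
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()  # drop failures that fell out of the findtime window
        if len(window) >= MAXRETRY:
            bans[str(ip)] = (ts, ts + BANTIME)
            window.clear()
    return bans

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG))
```

Only 203.0.113.7 is banned: 198.51.100.23 also fails three times, but its attempts are spread over more than findtime, and 192.168.1.100 is exempt through ignoreip.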
📊 Step 4: Check Fail2Ban Status
Check that Fail2Ban is running:
sudo systemctl status fail2ban
Check active jails:
sudo fail2ban-client status
To see SSH jail statistics:
sudo fail2ban-client status sshd
🔧 Step 5: Unban an IP Address (If Needed)
If a legit IP is blocked, you can manually unban it:
sudo fail2ban-client set sshd unbanip 192.168.1.101
💡 Bonus: Email Alerts for Bans
Want email alerts when Fail2Ban blocks an IP? In the jail.local file:
destemail = [email protected]
sender = [email protected]
action = %(action_mwl)s
Make sure you have a mail service like sendmail or postfix configured.
🧠 Final Thoughts
Fail2Ban is one of the easiest ways to improve your Ubuntu server’s security. With a few lines of configuration, you can automatically block brute-force attackers and stay informed with alerts.
For advanced users, Fail2Ban can also protect services like Apache, Nginx, and even custom applications — simply by pointing to the correct log files.
Stay safe and automate your defenses!