Securing your Linux server is a critical task for every sysadmin. One of the simplest yet most effective ways to guard against brute-force login attempts is by using Fail2Ban. In this article, we’ll walk through how to install, configure, and customize Fail2Ban on Ubuntu.
Fail2Ban is a Python-based intrusion prevention system that monitors system logs and automatically bans IP addresses that show malicious signs, such as too many failed login attempts. It does this by updating firewall rules to reject those IPs for a defined period.
Fail2Ban is available in Ubuntu’s default repository. To install it:
sudo apt update
sudo apt install fail2ban
Once installed, enable and start the service:
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Instead of editing the default config file, we copy it to a local configuration file to preserve upgrades:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now open the jail.local file:
sudo nano /etc/fail2ban/jail.local
Key parameters to review:
Example:
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
ignoreip = 127.0.0.1/8 192.168.1.100
By default, Fail2Ban comes with a jail for SSH. You can enable it by modifying or adding this section in jail.local:
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 3
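This will ban an IP after 3 failed SSH login attempts within the findtime window; the maxretry value here overrides the [DEFAULT] value of 5 for this jail only.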
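To see how maxretry, findtime and ignoreip interact, here is an added example (not code from this article or from Fail2Ban itself) that applies the settings above to a few constructed auth.log lines. The function name find_bans, the simplified regex and the sliding-window model are assumptions for illustration; Fail2Ban's shipped sshd filter and internal bookkeeping are more involved.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the jail.local example; [sshd] maxretry overrides [DEFAULT].
MAXRETRY = 3
FINDTIME = timedelta(minutes=10)
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in "127.0.0.1/8 192.168.1.100".split()]

# Simplified IPv4-only pattern (assumption); the shipped sshd filter matches more.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+")

# Constructed auth.log lines using documentation address ranges.
SAMPLE_LOG = """\
Mar 10 09:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar 10 09:00:05 web1 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40030 ssh2
Mar 10 09:00:09 web1 sshd[1205]: Failed password for root from 203.0.113.7 port 40041 ssh2
Mar 10 09:01:00 web1 sshd[1210]: Failed password for deploy from 198.51.100.23 port 51200 ssh2
Mar 10 09:02:00 web1 sshd[1212]: Failed password for deploy from 198.51.100.23 port 51214 ssh2
Mar 10 09:03:10 web1 sshd[1220]: Failed password for ops from 192.168.1.100 port 60001 ssh2
Mar 10 09:03:12 web1 sshd[1221]: Failed password for ops from 192.168.1.100 port 60002 ssh2
Mar 10 09:03:14 web1 sshd[1222]: Failed password for ops from 192.168.1.100 port 60003 ssh2
Mar 10 09:15:30 web1 sshd[1301]: Failed password for deploy from 198.51.100.23 port 51300 ssh2
"""

def find_bans(log_text, year=2024):
    """Return {ip: time of the failure that reached MAXRETRY within FINDTIME}."""
    recent, bans = defaultdict(deque), {}  # recent: ip -> failures still in window
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # not a failed-password line
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address such as 999.1.1.1
        if ip in bans or any(addr in net for net in IGNOREIP):
            continue  # already banned, or exempt via ignoreip
        window = recent[ip]
        window.append(when)
        while when - window[0] > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            bans[ip] = when
    return bans
```

On the sample, only 203.0.113.7 is banned: 198.51.100.23 also fails three times, but its third failure falls outside the 10-minute findtime, and 192.168.1.100 is exempt through ignoreip.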
Check that Fail2Ban is running:
sudo systemctl status fail2ban
Check active jails:
sudo fail2ban-client status
To see SSH jail statistics:
sudo fail2ban-client status sshd
If a legit IP is blocked, you can manually unban it:
sudo fail2ban-client set sshd unbanip 192.168.1.101
Want email alerts when Fail2Ban blocks an IP? In the jail.local file:
destemail = you@example.com
sender = fail2ban@example.com
action = %(action_mwl)s
Make sure you have a mail service like sendmail or postfix configured.
Fail2Ban is one of the easiest ways to improve your Ubuntu server’s security. With a few lines of configuration, you can automatically block brute-force attackers and stay informed with alerts.
For advanced users, Fail2Ban can also protect services like Apache, Nginx, and even custom applications — simply by pointing to the correct log files.
Stay safe and automate your defenses!