
🛡️ Protect Your Ubuntu Server with Fail2Ban: Step-by-Step Guide

Securing your Linux server is a critical task for every sysadmin. One of the simplest yet most effective ways to guard against brute-force login attempts is by using Fail2Ban. In this article, we’ll walk through how to install, configure, and customize Fail2Ban on Ubuntu.


📌 What is Fail2Ban?

Fail2Ban is a Python-based intrusion prevention system that monitors system logs and automatically bans IP addresses that show malicious signs, such as too many failed login attempts. It does this by updating firewall rules to reject those IPs for a defined period.


📦 Step 1: Install Fail2Ban

Fail2Ban is available in Ubuntu’s default repository. To install it:

sudo apt update
sudo apt install fail2ban

Once installed, enable and start the service:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

🛠 Step 2: Configure Fail2Ban

Instead of editing the default config file, copy it to a local configuration file so that package upgrades do not overwrite your changes:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Now open the jail.local file:

sudo nano /etc/fail2ban/jail.local

Key parameters to review:

  • ignoreip: Whitelist your own IP
  • bantime: How long (in seconds) an IP is banned (default is 10 minutes)
  • findtime: The time window to count failures
  • maxretry: Number of allowed failures before banning

Example:

[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
ignoreip = 127.0.0.1/8 192.168.1.100

🔒 Step 3: Enable the SSH Jail

By default, Fail2Ban comes with a jail for SSH. You can enable it by modifying or adding this section in jail.local:

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 3

This will ban an IP after 3 failed SSH login attempts within the findtime window.
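
To see how findtime, maxretry and ignoreip interact, the following added example (a simplified model, not Fail2Ban's own code) replays constructed sshd log lines through a sliding window using the values from the examples above. The regex, the sample log, the assumed year and the names find_bans and is_ignored are illustrative assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the page's examples ([DEFAULT] findtime/ignoreip, [sshd] maxretry).
FINDTIME, MAXRETRY = timedelta(minutes=10), 3
IGNOREIP = ["127.0.0.1/8", "192.168.1.100"]
# Simplified pattern for this example only; not Fail2Ban's own sshd filter.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+")
# Constructed sample log lines (documentation address ranges, year assumed 2025).
SAMPLE_LOG = """\
Jan 10 03:00:01 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jan 10 03:00:09 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Jan 10 03:01:30 web1 sshd[815]: Failed password for root from 198.51.100.7 port 51000 ssh2
Jan 10 03:02:15 web1 sshd[819]: Failed password for root from 203.0.113.5 port 40003 ssh2
Jan 10 03:05:00 web1 sshd[830]: Failed password for deploy from 192.168.1.100 port 60000 ssh2
Jan 10 03:05:02 web1 sshd[831]: Failed password for deploy from 192.168.1.100 port 60001 ssh2
Jan 10 03:05:04 web1 sshd[832]: Failed password for deploy from 192.168.1.100 port 60002 ssh2
Jan 10 03:09:00 web1 sshd[840]: Failed password for root from 198.51.100.7 port 51001 ssh2
Jan 10 03:12:00 web1 sshd[850]: Failed password for root from 198.51.100.7 port 51002 ssh2
"""

def is_ignored(ip, ignore=IGNOREIP):
    addr = ipaddress.ip_address(ip)
    # strict=False accepts entries with host bits set, such as 127.0.0.1/8
    return any(addr in ipaddress.ip_network(n, strict=False) for n in ignore)

def find_bans(log_text, findtime=FINDTIME, maxretry=MAXRETRY, year=2025):
    """Return {ip: time of the failure that would trigger the ban}."""
    recent, bans = defaultdict(deque), {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m.group(2) in bans or is_ignored(m.group(2)):
            continue
        ip = m.group(2)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"{ip} would be banned at {when:%H:%M:%S}")
```

In the sample, 198.51.100.7 also fails three times but its first failure falls outside the 10-minute window by the time the third arrives, so it is not banned, and 192.168.1.100 is skipped because it is listed in ignoreip.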


📊 Step 4: Check Fail2Ban Status

Check that Fail2Ban is running:

sudo systemctl status fail2ban

Check active jails:

sudo fail2ban-client status

To see SSH jail statistics:

sudo fail2ban-client status sshd

🔧 Step 5: Unban an IP Address (If Needed)

If a legit IP is blocked, you can manually unban it:

sudo fail2ban-client set sshd unbanip 192.168.1.101

💡 Bonus: Email Alerts for Bans

Want email alerts when Fail2Ban blocks an IP? Set the following in the jail.local file:

destemail = you@example.com
sender = fail2ban@example.com
action = %(action_mwl)s

Make sure you have a mail service like sendmail or postfix configured.


🧠 Final Thoughts

Fail2Ban is one of the easiest ways to improve your Ubuntu server’s security. With a few lines of configuration, you can automatically block brute-force attackers and stay informed with alerts.

For advanced users, Fail2Ban can also protect services like Apache, Nginx, and even custom applications — simply by pointing to the correct log files.

Stay safe and automate your defenses!


Published by
ferisetyawanmyid
