
How to Install and Configure Fail2ban on Linux | Protect Your Linux Server from Brute-Force Attacks

How to Install and Configure Fail2ban on Linux

What is Fail2ban?

Fail2ban is a security tool that monitors your server's logs for suspicious activity (like failed login attempts) and bans IPs that show malicious behavior. Super useful for protecting services like SSH!

Step 1: Update your system

First, ensure your system is up to date to avoid compatibility issues.

sudo apt update && sudo apt upgrade

Step 2: Install Fail2ban

Now, install Fail2ban from your package manager.

sudo apt install fail2ban

Step 3: Configure Fail2ban

  • Copy the default configuration file
    Before making changes, create a local copy to customize settings.

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  • Edit the configuration

    Open the jail.local file to adjust settings.

sudo nano /etc/fail2ban/jail.local
  • Set ban time (how long an IP is banned). Keep comments on their own lines: Fail2ban treats # as a comment only at the start of a line, so a trailing # comment would become part of the value.

# Ban an IP for 10 minutes (value in seconds)
bantime = 600
  • Max retries (failed attempts before banning):

# After 5 failed login attempts, the IP gets banned
maxretry = 5
  • Whitelist trusted IPs:

# Local and trusted IPs
ignoreip = 127.0.0.1/8 192.168.1.1
  • Enable SSH protection

[sshd]
# Protect SSH logins
enabled = true
port = ssh
logpath = /var/log/auth.log
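
To see how maxretry, bantime and ignoreip interact, here is a simplified Python model of the ban decision, run over constructed auth.log lines. It is an added example, not Fail2ban's own code; the findtime window (600 seconds), the log pattern, the helper names and the sample addresses are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# bantime, maxretry and ignoreip are the values set above; FINDTIME is an assumption.
BANTIME, MAXRETRY, FINDTIME = 600, 5, 600
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in ("127.0.0.1/8", "192.168.1.1")]
# Simplified pattern for sshd password failures; the real sshd filter covers far more.
FAIL_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                     r"(?:invalid user )?\S+ from (\S+) port \d+")

def simulate(lines, year=2024):
    """Return [(ip, ban_start, ban_end)], times in seconds since 1 January of `year`."""
    recent = defaultdict(deque)   # ip -> failure times still inside the findtime window
    banned_until = {}             # ip -> second at which the current ban expires
    bans = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # not a failed-password line
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ts = (when - datetime(year, 1, 1)).total_seconds()
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue              # ignoreip: never counted, never banned
        if banned_until.get(ip, 0) > ts:
            continue              # still banned; the firewall would drop this attempt
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()      # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((str(ip), ts, ts + BANTIME))
            window.clear()
    return bans

def sshd_fail(clock, user, ip):
    """Build one constructed auth.log line (hostname, PID and port are made up)."""
    return f"Jan 10 {clock} web1 sshd[1234]: Failed password for {user} from {ip} port 50000 ssh2"

# Constructed sample log using documentation-range addresses, not real data.
SAMPLE = (
    [sshd_fail(f"03:14:{s:02d}", "root", "203.0.113.7") for s in range(0, 30, 5)]  # 6 fast failures
    + [sshd_fail(f"03:15:{s:02d}", "invalid user admin", "192.168.1.1") for s in range(0, 40, 5)]  # whitelisted
    + [sshd_fail("03:16:00", "bob", "198.51.100.9")]  # a single failure
)

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"ban {ip} for {int(end - start)} s")
```

Only 203.0.113.7 is banned: the whitelisted address is never counted, and a single failure stays below maxretry.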

Step 4: Start Fail2ban

After configuring, start the Fail2ban service.

sudo systemctl start fail2ban

Step 5: Check Fail2ban status

Ensure Fail2ban is running and protecting your server.

sudo fail2ban-client status

You're Done!

Fail2ban is now actively protecting your server from brute-force attacks.