🛡️How to Install and Configure Fail2ban on Linux | Protect Your Linux Server from Brute-Force Attacks
How to Install and configure Fail2ban on Linux
What is Fail2ban?
Fail2ban is a security tool 🔒 that monitors your server’s logs for suspicious activity (like failed login attempts) and bans IPs that show malicious behavior 🚫. Super useful for protecting services like SSH!
Step 1: Update your system 🐧
First, ensure your system is up to date to avoid compatibility issues.
sudo apt update && sudo apt upgrade
Step 2: Install Fail2ban ⚙️
Now, install Fail2ban from your package manager.
sudo apt install fail2ban
Step 3: Configure Fail2ban 🔧
Copy default configuration file 📝
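Before making changes, create a local copy to customize settings. Fail2ban reads jail.local after jail.conf, and a package upgrade can overwrite jail.conf, so your changes belong in the local file.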
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Edit the configuration ⚙️
Open the jail.local file to adjust settings.
sudo nano /etc/fail2ban/jail.local
Set ban time (how long an IP is banned):
# Bans IP for 10 minutes
bantime = 600
Max retries (failed attempts before banning):
# After 5 failed login attempts, IP gets banned
maxretry = 5
Whitelist trusted IPs:
# Local and trusted IPs
ignoreip = 127.0.0.1/8 192.168.1.1
Enable SSH protection 🔐
[sshd]
# Protect SSH logins
enabled = true
port = ssh
logpath = /var/log/auth.log
Step 4: Start Fail2ban 🚦
After configuring, start the Fail2ban service.
sudo systemctl start fail2ban
Step 5: Check Fail2ban status 🔍
Ensure Fail2ban is running and protecting your server.
sudo fail2ban-client status
🚀 You’re Done!
Fail2ban is now actively protecting your server from brute-force attacks. 🎉
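A check worth running on jail.local before Step 4, as an added example that is not part of the original post: fail2ban strips only `;` inline comments, so a `#` note written after a value is read as part of that value. The helper names `lint_jail` and `jail_get` and the sample file are made up for this illustration.

```shell
# Added example, not from the original page. Sample file is constructed.

# lint_jail FILE: list options whose value ends in a "# ..." note; fail2ban
# strips only ";" inline comments, so the note would become part of the value.
# Returns non-zero when any such option is found.
lint_jail() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # comment-only and blank lines
        /^\[/ { sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec); next }
        /^[^ \t=]+[ \t]*=/ {                   # option line, not a continuation
            key = $0; sub(/[ \t]*=.*$/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            if (val ~ /[ \t]#/) {
                printf "line %d [%s] %s = %s\n", NR, sec, key, val
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# jail_get FILE SECTION KEY: print the last value written for KEY in [SECTION].
jail_get() {
    awk -v want="$2" -v k="$3" '
        /^\[/ { sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec); next }
        sec == want && /^[^ \t=#;]+[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*$/, "", key)
            if (key == k) { v = $0; sub(/^[^=]*=[ \t]*/, "", v); found = 1 }
        }
        END { if (found) print v; exit !found }
    ' "$1"
}

# Constructed sample: the page's settings, comments on their own lines.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[DEFAULT]
# ban for 10 minutes after 5 failed attempts
bantime = 600
maxretry = 5
ignoreip = 127.0.0.1/8 192.168.1.1

[sshd]
enabled = true
EOF

lint_jail "$sample" && echo "no trailing # comments"
echo "sshd enabled: $(jail_get "$sample" sshd enabled)"
```

Point `lint_jail` at /etc/fail2ban/jail.local to run the same check on the real file; any line it prints needs its comment moved to a line of its own.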