
How to Setup Fail2ban on Ubuntu Linux

Written by Richard
Mar 11, 2021 Updated Apr 23, 2026 3 min read

Fail2ban protects your Ubuntu Linux server from brute-force attacks by automatically blocking suspicious IP addresses.

This security tool monitors server log files, like those for SSH, for repeated failed login attempts. When it detects a pattern of malicious activity from a specific IP, Fail2ban instructs your firewall (typically iptables or nftables) to temporarily ban that IP address.

Implementing Fail2ban for your Ubuntu server means you significantly reduce the risk of unauthorized access. You gain an automated defense system that actively shields your machine from common online threats, enhancing overall system security without constant manual oversight.

⚡ Quick Answer

Install Fail2ban using `sudo apt update` and `sudo apt install fail2ban`. Then, copy the default configuration to `jail.local` with `sudo cp /etc/fail2ban/jail.{conf,local}` and edit it using `sudo nano /etc/fail2ban/jail.local` to set your whitelist and ban parameters. Restart the service with `sudo systemctl restart fail2ban`.

Install Fail2ban

Installing Fail2ban on Ubuntu Linux is straightforward using the built-in software package manager. You can quickly get Fail2ban set up by opening your terminal and running a couple of simple commands to update your package list and then install the software.

Once the service is running, systemd logs entries like these:

Mar 11 15:26:00 ubuntu2004 systemd: Starting Fail2Ban Service.
Mar 11 15:26:00 ubuntu2004 systemd: Started Fail2Ban Service.

Configure Fail2ban

To set up Fail2ban, you’ll need to create a local configuration file, usually named jail.local. It’s important not to edit the main jail.conf file directly, as updates can overwrite your changes. Copying jail.conf to jail.local lets you make custom settings without losing them.

Run this command to create your local configuration file (requires admin privileges):

🐧Bash / Shell
sudo cp /etc/fail2ban/jail.{conf,local}

Now, open the file to start editing (requires admin privileges):

🐧Bash / Shell
sudo nano /etc/fail2ban/jail.local

First, add your own IP address to the “whitelist” so you never accidentally lock yourself out. Find the ignoreip line and update it:

💻Code
ignoreip = 127.0.0.1/8 ::1 10.16.34.67 172.16.1.0/24

Next, adjust how strict your security is by changing these three settings:

  • Bantime: How long the IP is blocked (default is 10 minutes).
    💻Code
    # "bantime" is the number of seconds that a host is banned.
    bantime  = 10m
  • Findtime: The window of time to count failed attempts.
    💻Code
    # A host is banned if it has generated "maxretry" during the last "findtime"
    # seconds.
    findtime  = 10m
  • Maxretry: How many failed tries are allowed before the ban happens.
    💻Code
    # "maxretry" is the number of failures before a host get banned.
    maxretry = 5
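
The sketch below is an added example, not code from this guide or from Fail2ban itself: it replays the ignoreip, findtime, maxretry and bantime rules over constructed auth log lines to show which hosts end up banned. The log regex is a simplified assumption, and the attacker addresses are documentation-range samples.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values mirror the jail.local settings shown in this guide.
IGNOREIP = ["127.0.0.1/8", "::1", "10.16.34.67", "172.16.1.0/24"]
FINDTIME = BANTIME = timedelta(minutes=10)  # findtime = 10m, bantime = 10m
MAXRETRY = 5
# Simplified sshd failure pattern (assumption; Fail2ban's own sshd filter covers more cases).
FAIL_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def is_ignored(ip):  # matches single addresses and CIDR ranges in ignoreip
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in IGNOREIP)

def simulate(lines, year=2021):
    """Return [(ip, ban_start, ban_end)] for syslog-style auth log lines."""
    failures = defaultdict(deque)  # ip -> failure timestamps inside the findtime window
    banned_until, bans = {}, []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if is_ignored(ip) or banned_until.get(ip, ts) > ts:
            continue  # whitelisted, or already banned
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:  # drop failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

def _line(hms, ip):  # builds one constructed sample log line
    return f"Mar 11 {hms} ubuntu2004 sshd[1234]: Failed password for root from {ip} port 40022 ssh2"

SAMPLE_LOG = (
    [_line(f"15:{m:02d}:00", "198.51.100.7") for m in (0, 3, 6, 9, 12)]    # slow: never 5 in 10 min
    + [_line(f"15:30:{s:02d}", "203.0.113.9") for s in (1, 5, 9, 14, 20)]  # burst: banned
    + [_line(f"15:31:{s:02d}", "172.16.1.20") for s in range(0, 60, 10)]   # in ignoreip: skipped
)

for ip, start, end in simulate(SAMPLE_LOG):
    print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

The slow source stays under the threshold because its oldest failure ages out of the 10-minute window before the fifth arrives, which is the trade-off to weigh when choosing findtime and maxretry.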

Set Up Jails

Fail2ban uses ‘jails’ to monitor specific services, such as SSH, for suspicious activity. The default SSH jail is usually already set up and protects your server from brute-force attacks. You can see its settings, such as how long an IP is banned and how many tries are allowed, in your configuration file.

💻Code
[sshd]
enabled = true
bantime = 10m
findtime = 10min
maxretry = 5
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s

After you finish making changes, save the file and restart the service so the new settings take effect (requires admin privileges):

🐧Bash / Shell
sudo systemctl restart fail2ban

Managing Fail2ban

You can manage Fail2ban’s security settings using the fail2ban-client tool in your terminal. This lets you check the status of specific jails, like SSH, to see if any IPs are currently banned. You can also manually unban an IP address you accidentally blocked or even ban one yourself.

Summary

In summary, Fail2ban is a great tool for automatically protecting your Linux server from attacks. By following this guide, you’ve learned how to install Fail2ban on Ubuntu, set up your custom configuration, define rules for services like SSH, and manage banned IPs. This simple setup greatly improves your server’s security.
