How to Setup Fail2ban on Ubuntu Linux

Written by Richard
Mar 11, 2021. Updated Apr 23, 2026.

Managing a Linux server means opening it up to the internet. Unfortunately, this also invites hackers to try and guess your password using automated tools. This is called a “brute force” attack. You need a way to stop these constant, annoying login attempts.

Why use Fail2ban? Fail2ban acts like a digital bouncer. It watches your server’s log files for repeated failed login attempts. When it spots a suspicious IP address, it tells your firewall to block that address for a set amount of time. This keeps your server safe and keeps bad actors out.

What happens when done? Your server will automatically detect and block malicious IP addresses. You will have a more secure system that doesn’t need constant manual monitoring.

Install Fail2ban

Fail2ban is easy to get from the standard Ubuntu software list. You will need admin privileges to run these commands.

🐧Bash / Shell
sudo apt update
sudo apt install fail2ban

Once the installation finishes, the service starts on its own. Check if it is running correctly with this command:

🐧Bash / Shell
sudo systemctl status fail2ban

You should see a status message like this:

💻Code
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enab>
     Active: active (running) since Thu 2021-03-11 15:26:00 CST; 23s ago
       Docs: man:fail2ban(1)
   Main PID: 2982 (f2b/server)
      Tasks: 5 (limit: 4654)
     Memory: 13.6M
     CGroup: /system.slice/fail2ban.service
             └─2982 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Mar 11 15:26:00 ubuntu2004 systemd[1]: Starting Fail2Ban Service.
Mar 11 15:26:00 ubuntu2004 systemd[1]: Started Fail2Ban Service.

Configure Fail2ban

Fail2ban uses configuration files. The main file is located at /etc/fail2ban/jail.conf. You should never edit this file directly, as package updates might overwrite your changes. Instead, create a copy named jail.local. Settings in jail.local override the defaults in jail.conf.

Run this command to create your local configuration file (requires admin privileges):

🐧Bash / Shell
sudo cp /etc/fail2ban/jail.{conf,local}

Now, open the file to start editing (requires admin privileges):

🐧Bash / Shell
sudo nano /etc/fail2ban/jail.local

First, you should add your own IP address to the “whitelist” so you never accidentally lock yourself out. Look for the line to ignore IPs and update it:

💻Code
ignoreip = 127.0.0.1/8 ::1 10.16.34.67 172.16.1.0/24

Next, adjust how strict your security is by changing these three settings:

  • Bantime: How long the IP is blocked (default is 10 minutes).
    💻Code
    # "bantime" is the number of seconds that a host is banned.
    bantime  = 10m
  • Findtime: The window of time to count failed attempts.
    💻Code
    # A host is banned if it has generated "maxretry" during the last "findtime"
    # seconds.
    findtime  = 10m
  • Maxretry: How many failed tries are allowed before the ban happens.
    💻Code
    # "maxretry" is the number of failures before a host get banned.
    maxretry = 5
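
How ignoreip, findtime and maxretry interact, as an added example (a simplified model written for this guide, not Fail2ban's own code): it applies the values above to constructed sshd log lines and reports which address would be banned. The log lines, the addresses 203.0.113.7 and 198.51.100.9, the regular expression and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Values mirror the jail.local settings discussed above.
IGNOREIP = "127.0.0.1/8 ::1 10.16.34.67 172.16.1.0/24"
FINDTIME = timedelta(minutes=10)
MAXRETRY = 5
# Simplified pattern for sshd password failures (an assumption, not Fail2ban's filter).
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def is_ignored(ip, ignoreip=IGNOREIP):
    """True if ip falls inside any address or CIDR range listed in ignoreip."""
    addr = ipaddress.ip_address(ip)
    nets = (ipaddress.ip_network(n, strict=False) for n in ignoreip.split())
    return any(addr in net for net in nets)

def find_bans(lines, year=2021):
    """Return {ip: ban time} for hosts reaching MAXRETRY failures within FINDTIME."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m.group(2) in bans or is_ignored(m.group(2)):
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(ts)
        while ts - window[0] > FINDTIME:  # drop failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[m.group(2)] = ts
    return bans

def sample_log():
    """Constructed sshd lines: rapid failures, spread-out failures, an ignored host."""
    def fails(ip, start_min, gap_s, count):
        t0 = datetime(2021, 3, 11, 15, start_min)
        return [f"{(t0 + timedelta(seconds=i * gap_s)):%b %d %H:%M:%S} ubuntu2004 "
                f"sshd[3001]: Failed password for root from {ip} port 40000 ssh2"
                for i in range(count)]
    return sorted(fails("203.0.113.7", 30, 20, 6)     # 6 failures within 100 seconds
                  + fails("198.51.100.9", 0, 180, 8)  # one failure every 3 minutes
                  + fails("172.16.1.20", 30, 5, 10))  # inside the ignoreip range

if __name__ == "__main__":
    for ip, when in find_bans(sample_log()).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
```

Only 203.0.113.7 is banned: failures three minutes apart never reach five inside a 10-minute findtime, and 172.16.1.20 is skipped because it matches ignoreip.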

Set Up Jails

Fail2ban uses “jails” to watch specific services, like SSH. By default, SSH protection is already on. You can see how the jail is set up in your configuration file:

💻Code
# SSH servers
[sshd]
enabled  = true
bantime = 10m
findtime = 10min
maxretry = 5
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s

After you finish making changes, save the file and restart the service so the new settings take effect (requires admin privileges):

🐧Bash / Shell
sudo systemctl restart fail2ban

Managing Fail2ban

You can use the Fail2ban client to manage your security. Here are a few common tasks:

  • Check the status of your SSH jail:
    🐧Bash / Shell
    sudo fail2ban-client status sshd
  • Unban an IP address that you accidentally blocked:
    🐧Bash / Shell
    sudo fail2ban-client set sshd unbanip 192.168.1.1
  • Manually ban an IP address:
    🐧Bash / Shell
    sudo fail2ban-client set sshd banip 192.168.1.1

Summary

Fail2ban is a powerful, automated security tool for your Linux server. By installing it and customizing your jail.local file, you protect your system from brute force attacks. You learned how to install the software, create a local configuration, set ban rules, and manage blocked IP addresses using the Fail2ban client. This simple setup significantly improves your server’s security against automated threats.

What is Fail2ban and how does it work?

Fail2ban is a security tool that protects Linux servers from brute force attacks by monitoring log files for malicious activity. It uses regular expressions to identify suspicious attempts and temporarily bans offending IP addresses using the system's firewall.

How do I install Fail2ban on Ubuntu?

To install Fail2ban on Ubuntu, open the terminal and run the commands 'sudo apt update' followed by 'sudo apt install fail2ban'. This will download and install the Fail2ban package from the Ubuntu repositories.

How can I check if Fail2ban is running?

You can check if Fail2ban is running by executing the command 'sudo systemctl status fail2ban' in the terminal. If it's active, you will see a status message indicating that the service is running.

What configuration files does Fail2ban use?

Fail2ban uses several configuration files located in /etc/fail2ban, including jail.conf and jail.local. It's recommended to create a jail.local file for your custom configurations to prevent overwriting during package updates.

How do I configure Fail2ban for my needs?

To configure Fail2ban, copy the jail.conf file to create a jail.local file and modify it according to your requirements. This allows you to customize settings without affecting the default configuration, ensuring your changes persist through updates.
