Installing and Configuring Fail2ban on Linux
Fail2ban is a log-parsing tool that protects Linux servers from brute-force attacks. It scans system logs and bans IP addresses that show malicious behaviour, such as too many password failures or probing for exploits.
1. Update Your Package List
For Debian/Ubuntu-based systems:
sudo apt update
For RHEL/CentOS/Fedora systems:
sudo dnf update
2. Install Fail2ban
On Debian/Ubuntu:
sudo apt install fail2ban
On CentOS/RHEL/Fedora:
sudo dnf install epel-release
sudo dnf install fail2ban
3. Enable and Start the Fail2ban Service
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
4. Create a Local Jail Configuration
It’s best to avoid editing the default jail.conf directly, since package upgrades can overwrite it. Instead, create a new file; settings in jail.local take precedence over jail.conf:
sudo nano /etc/fail2ban/jail.local
Add this basic configuration to protect SSH:
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 5
5. Restart Fail2ban to Apply Changes
sudo systemctl restart fail2ban
6. Check Status
To confirm that fail2ban is running and protecting your services:
sudo fail2ban-client status
To check the status of a specific jail (e.g., sshd):
sudo fail2ban-client status sshd
7. Log File Locations
- Fail2ban log:
/var/log/fail2ban.log
- Systemd journal (alternative):
journalctl -u fail2ban
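The fail2ban log listed above is the place to see what the sshd jail is actually doing. The following script is an added example, not part of this guide or of the fail2ban project: it parses fail2ban.actions Ban/Unban/Restore Ban lines from the log (the sample lines are constructed to match the default log format, not a real capture) and reports, per jail, how many bans occurred and which addresses are still banned.

```python
"""Summarise ban activity from /var/log/fail2ban.log lines (added example)."""
import re
import sys
from collections import defaultdict

# Lines written by fail2ban.actions look like (default log format):
# 2024-05-01 12:00:09,120 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.5
ACTION_RE = re.compile(
    r"^(?P<ts>\S+ \S+) fail2ban\.actions\s*\[\d+\]: NOTICE\s+"
    r"\[(?P<jail>[^\]]+)\] (?P<action>Ban|Restore Ban|Unban) (?P<ip>\S+)$"
)

def summarize(lines):
    """Return {jail: {"bans": n, "unbans": n, "active": set_of_ips}}."""
    stats = defaultdict(lambda: {"bans": 0, "unbans": 0, "active": set()})
    for line in lines:
        m = ACTION_RE.match(line.strip())
        if not m:
            continue  # fail2ban.filter "Found" lines and other noise are ignored
        jail, action, ip = m.group("jail", "action", "ip")
        s = stats[jail]
        if action in ("Ban", "Restore Ban"):  # Restore Ban = re-applied after restart
            s["bans"] += 1
            s["active"].add(ip)
        else:  # Unban: bantime expired or manual unban
            s["unbans"] += 1
            s["active"].discard(ip)
    return dict(stats)

# Constructed sample modelled on the real format; addresses are documentation ranges.
SAMPLE_LOG = """\
2024-05-01 12:00:01,234 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.5 - 2024-05-01 12:00:01
2024-05-01 12:00:09,120 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.5
2024-05-01 12:03:42,001 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.7
2024-05-01 12:10:09,500 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.5
2024-05-01 12:30:00,000 fail2ban.actions        [812]: NOTICE  [nginx-http-auth] Ban 192.0.2.9
2024-05-01 13:00:00,000 fail2ban.actions        [812]: NOTICE  [sshd] Restore Ban 198.51.100.7
"""

def report(text=SAMPLE_LOG):
    """Print a one-line summary per jail and return the stats dict."""
    stats = summarize(text.splitlines())
    for jail, s in sorted(stats.items()):
        print(f"{jail}: {s['bans']} bans, {s['unbans']} unbans, "
              f"currently banned={sorted(s['active'])}")
    return stats

if __name__ == "__main__":
    # Pass /var/log/fail2ban.log as the first argument to read the real log.
    report(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG)
```

Run it as root or with read access to the log; a jail that shows many bans but no unbans over a long period is worth comparing against fail2ban-client status to confirm bantime is being honoured.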
Summary
Fail2ban provides simple but powerful protection against automated attacks. With proper configuration, it can defend not only SSH, but also web services like Apache, NGINX, and more.