{"id":55108,"date":"2022-05-19T14:59:19","date_gmt":"2022-05-19T14:59:19","guid":{"rendered":"\/tutorials\/?p=55108"},"modified":"2025-07-07T11:45:37","modified_gmt":"2025-07-07T11:45:37","slug":"fail2ban-configuration","status":"publish","type":"post","link":"\/tutorials\/fail2ban-configuration","title":{"rendered":"How to secure your Linux server with Fail2Ban configuration"},"content":{"rendered":"

Fail2Ban is arguably the best software to secure a Linux server and protect it against automated attacks. When enabled, it offers many customizable rules to ban source addresses that may try to gain access to your machine. Fail2Ban works hand in hand with a firewall, so we recommend you to install and enable them as separate security layers.<\/p>

In this article, we will explain what Fail2Ban is and its use cases. We will also show you how to install and set up Fail2Ban.<\/p>

\n
\"\"<\/a><\/figure><\/div>

\n\n\n\n\n\n<\/p>

What Is Fail2Ban and What Is It Used For?<\/h2>

Fail2Ban is a log-parsing application that protects Linux virtual server host<\/a> against many security threats, such as dictionary, DoS, DDoS, and brute-force attacks. It works by monitoring system logs for any malicious activity and scanning files for any entries matching identified patterns.<\/p>

If Fail2Ban detects a spike of failed login attempts, it will automatically add new firewall rules to your iptables and block the source address for a specified time or indefinitely.<\/p>

Installing Fail2Ban helps server owners mitigate any illegitimate activity automatically. It also alerts them via email whenever an attack is occurring.<\/p>

A similar tool to Fail2Ban is Suricata<\/strong>, an intrusion detection and prevention system (IDS\/IPS). Instead of login attempts, this tool monitors your VPS network and notifies users about potentially malicious traffic.<\/p>

If you want to set up the tool, check out our other tutorial to learn how to install Suricata on Ubuntu<\/a>. <\/p>

\"\"<\/a><\/figure>

How to Install Fail2Ban<\/h2>

To install the Fail2Ban service, connect to your server with root access using an SSH client like Terminal (macOS and Linux) or PuTTY<\/a> (Windows).<\/p>

Ubuntu:<\/h3>

Here’s how to install Fail2Ban on Ubuntu<\/a>:<\/p>

    \n
  1. Before installing a new package, we recommend to update the system repository and software. Run the following command:<\/li>\n<\/ol>
    apt-get update && apt-get upgrade<\/pre>
      \n
    1. Install the Fail2Ban package by running the command below:<\/li>\n<\/ol>
      apt-get install fail2ban<\/pre>
        \n
      1. If you want to add email support for the Fail2Ban service, insert the following command and press Enter<\/strong>:<\/li>\n<\/ol>
        apt-get install sendmail<\/pre>
          \n
        1. Verify Fail2Ban status using the following command:<\/li>\n<\/ol>
          sudo systemctl status fail2ban<\/pre>
          Hostinger VPS customers can also use Kodee <\/strong>AI Assistant to confirm Fail2ban’s status post-installation. Access it via your VPS dashboard’s left sidebar and ask it a question like the following example:<\/p>
          \n
          \"Kodee<\/a><\/figure><\/div>
          You can also ask Kodee to restart Fail2Ban by simply entering, “Restart Fail2Ban on my VPS.”<\/p>
          CentOS:<\/h3>
          Follow these steps to install Fail2Ban on CentOS<\/a>:<\/p>
            \n
          1. Fail2Ban for CentOS7 is included in the Extra Packages for Enterprise Linux (EPEL) repository. Download it by running the command below:<\/li>\n<\/ol>
            sudo yum install epel-release<\/pre>
              \n
            1. Once that is done, install Fail2Ban by inputting the following command and pressing Enter<\/strong>:<\/li>\n<\/ol>
              sudo yum install fail2ban<\/pre>
                \n
              1. Enable and start the service by running these commands:<\/li>\n<\/ol>
                sudo systemctl enable fail2ban<\/pre>
                sudo systemctl start fail2ban<\/pre>
                Debian:<\/h3>
                Here’s how to install Fail2Ban on Debian:<\/p>
                  \n
                1. Update and upgrade your system repository by typing in the command below and pressing Enter<\/strong>:<\/li>\n<\/ol>
                  apt-get update && apt-get upgrade -y<\/pre>
                    \n
                  1. Proceed with the Fail2Ban installation using the following command:<\/li>\n<\/ol>
                    apt-get install fail2ban<\/pre>
                      \n
                    1. If you want to add email support, install Sendmail by running this command:<\/li>\n<\/ol>
                      apt-get install sendmail-bin sendmail<\/pre>
                        \n
                      1. Here’s how to check Fail2Ban’s status:<\/li>\n<\/ol>
                        systemctl status fail2ban<\/pre>
                        Fedora:<\/h3>
                        Follow these instructions to install Fail2Ban on Fedora:<\/p>
                          \n
                        1. Update your system repository by inserting the command below and pressing Enter<\/strong>:<\/li>\n<\/ol>
                          dnf update<\/pre>
                            \n
                          1. Install Fail2Ban using this command:<\/li>\n<\/ol>
                            dnf install fail2ban<\/pre>
                              \n
                            1. If you want to install Sendmail, type in the following command and press Enter<\/strong>:<\/li>\n<\/ol>
                              dnf install sendmail<\/pre>
                                \n
                              1. Start and enable the Fail2Ban service by running the following commands:<\/li>\n<\/ol>
                                systemctl start fail2ban<\/pre>
                                systemctl enable fail2ban<\/pre>
                                  \n
                                1. If you’ve added Sendmail, run the following to start and enable it:<\/li>\n<\/ol>
                                  systemctl start sendmail<\/pre>
                                  systemctl enable sendmail<\/pre>
                                  How to Set Up Fail2Ban<\/h2>
                                  After installing Fail2Ban, consider configuring it. In this section, we will explore how to do it using the fail2ban.local<\/strong> and jail.local<\/strong> files.<\/p>
                                  Edit the Default Settings with fail2ban.local (Optional)<\/h3>
                                  The fail2ban.conf<\/strong> file houses Fail2Ban’s basic configuration. It contains the global settings that should not be modified.<\/p>
                                  If you want to make any changes, we recommend creating a local file. Make a copy of fail2ban.conf <\/strong>and rename it to fail2ban.local<\/strong> to override the default configuration profile.<\/p>
                                  Here’s how to change the name of the copy and setup the settings on fail2ban.local file:<\/p>
                                    \n
                                  1. Rename the file to fail2ban.local<\/strong> by running the command below. Keep in mind that it will not produce any output:<\/li>\n<\/ol>
                                    cp \/etc\/fail2ban\/fail2ban.conf \/etc\/fail2ban\/fail2ban.local<\/pre>
                                      \n
                                    1. Type in the following command and press Enter <\/strong>to open the file:<\/li>\n<\/ol>
                                      sudo nano \/etc\/fail2ban\/fail2ban.local<\/pre>
                                        \n
                                      1. Now you can edit the definitions inside the file.<\/li>\n<\/ol>
                                        Let’s go over the options and the values they can take.<\/p>
                                        loglevel = INFO<\/pre>
                                        Define the log output level as:<\/p>