How to install Fail2ban on Linux to protect against brute force attacks
Fail2ban is open-source intrusion prevention software that can be used to protect your server from brute-force attacks.
It does this by scanning log files and banning IP addresses that exhibit malicious behavior, such as repeated failed login attempts.
Fail2ban is an excellent way to add another layer of security to your server; however, it is not a substitute for strong passwords and other security measures such as firewalls.
Update your package manager:
Install Fail2ban using the package manager:
Configure Fail2ban:
Fail2ban's configuration file is located at /etc/fail2ban/jail.conf. Before making any changes to this file, it's a good idea to create a backup of the original configuration file.
Edit the /etc/fail2ban/jail.local file and configure the services you want to protect from brute-force attacks. Here is an example configuration for the SSH service:
This configuration will monitor the SSH log file located at /var/log/auth.log and ban any IP address after three failed login attempts.
Start the Fail2ban service:
You can check the status of the Fail2ban service using the following command:
If the service is running correctly, you should see a message that says "active (running)."
Fail2ban will now monitor your log files and ban any IP addresses that exhibit malicious behavior. You can view the banned IP addresses using the following command:
You can also unban an IP address using the following command:
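The steps above collected into one script, added here as an example and not part of the original page. It assumes a Debian/Ubuntu host with apt and systemd (suggested by the /var/log/auth.log path) and root privileges; the findtime and bantime values, the function names and the setup/banned/unban subcommands are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumes Debian/Ubuntu (apt, systemd) and that it is run as root.
set -eu

JAIL_LOCAL="${JAIL_LOCAL:-/etc/fail2ban/jail.local}"

# Write the SSH jail described in the text: watch /var/log/auth.log and
# ban after three failures. findtime and bantime (seconds) are assumed
# values; the page does not state them.
write_sshd_jail() {
    target="${1:-$JAIL_LOCAL}"
    if [ -e "$target" ]; then
        # Never clobber local overrides an administrator already made.
        echo "refusing to overwrite existing $target" >&2
        return 1
    fi
    cat > "$target" <<'EOF'
[sshd]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3
findtime = 600
bantime  = 3600
EOF
}

install_and_start() {
    apt-get update
    apt-get install -y fail2ban
    # Keep a copy of the packaged defaults before changing anything.
    cp -a /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak
    write_sshd_jail
    fail2ban-client -t                    # validate the configuration
    systemctl enable --now fail2ban       # start now and at boot
    systemctl status fail2ban --no-pager  # expect "active (running)"
}

# Nothing runs unless a subcommand is given.
case "${1:-}" in
    setup)  install_and_start ;;
    banned) fail2ban-client status sshd ;;   # lists currently banned IPs
    unban)  fail2ban-client set sshd unbanip "${2:?usage: $0 unban <ip>}" ;;
esac
```

Settings in jail.local override those in jail.conf, so the packaged file can stay untouched and survive package upgrades.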