service


Fail2Ban Documentation

Fail2Ban is intrusion prevention software that helps protect your system from brute-force attacks and other malicious activity. It monitors log files and takes action against IP addresses that show suspicious behavior. This documentation provides an overview of Fail2Ban and explains how to set it up on your system.

To install Fail2Ban on your system, follow these steps:

Step 1: Update Package List

Before installing Fail2Ban, update the package list to ensure you get the latest version available:

$ sudo apt update

Step 2: Install Fail2Ban

Install Fail2Ban using your package manager (for Ubuntu/Debian):

$ sudo apt install fail2ban

Fail2Ban's main configuration file is located at /etc/fail2ban/jail.conf. However, it's recommended to create a local configuration file to avoid overwriting changes during package updates:

Step 1: Copy the Configuration File

$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Step 2: Edit the Configuration

Open /etc/fail2ban/jail.local using a text editor and customize the settings according to your needs. Some common configurations include:

  • bantime: The duration in seconds for which an IP address is banned.
  • maxretry: The number of failed login attempts before banning an IP.
  • destemail: The email address where notifications are sent.

Note

   By default, the server allows 3 wrong password retries; to Fail2Ban, these count as only one.

Step 3: Restart Fail2Ban

After making changes to the configuration, restart Fail2Ban for the changes to take effect:

$ sudo systemctl restart fail2ban
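
To check which bantime, maxretry and destemail a jail ends up with once jail.local sits beside jail.conf, the lookup order can be reproduced offline. This is an added example, not part of the original page or of Fail2Ban itself: the function names, the sample files and their values are constructed, and it assumes simple "key = value" lines (no jail.d files, interpolation or multi-line values).

```shell
#!/bin/sh
# Added example (not from the original page); sample files are constructed.

# jail_setting JAIL KEY FILE... : print the value JAIL ends up with for KEY.
# Files are read in order and later files override earlier ones; a value in
# the jail's own section beats one in [DEFAULT].
jail_setting() {
    _jail=$1 _key=$2; shift 2
    awk -v jail="$_jail" -v key="$_key" '
        FNR == 1 { sec = "" }                      # new file: no section yet
        /^[ \t]*[#;]/ { next }                     # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                   # section header, e.g. [sshd]
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec); next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k != key) next
            if (sec == jail) { own = v; has_own = 1 }
            else if (sec == "DEFAULT") def = v
        }
        END { print (has_own ? own : def) }
    ' "$@"
}

# Write a constructed jail.conf / jail.local pair into directory $1.
make_sample() {
    printf '%s\n' '[DEFAULT]' 'bantime = 600' 'maxretry = 5' \
        'destemail = root@localhost' '' '[sshd]' 'enabled = false' > "$1/jail.conf"
    printf '%s\n' '[DEFAULT]' 'bantime = 3600' 'destemail = admin@example.org' \
        '' '[sshd]' 'enabled = true' 'maxretry = 3' > "$1/jail.local"
}

dir=$(mktemp -d)
make_sample "$dir"
for key in enabled bantime maxretry destemail; do
    printf 'sshd %s = %s\n' "$key" \
        "$(jail_setting sshd "$key" "$dir/jail.conf" "$dir/jail.local")"
done
rm -rf "$dir"
```

Against a real installation, pass /etc/fail2ban/jail.conf followed by /etc/fail2ban/jail.local as the FILE arguments.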

Fail2Ban provides several commands to monitor and troubleshoot its functionality:

  • fail2ban-client status: Check the status of Fail2Ban and the number of bans in effect.
  • fail2ban-client status <jail-name>: Check the status of a specific jail.
  • fail2ban-client set <jail-name> unbanip <ip-address>: Unban a specific IP address.
  • Last modified: 2023/07/31 15:15
  • by nadir