The question arises whether your server is well secured against brute force, unauthorized login attempts, and any kind of security threats. In the contemporary era of cybersecurity, the server demands equal concern and attention as an individual and organization. One such solution to the problem would be, to “Fail2ban install”- one of the effective tools of intrusion prevention against unauthorized access and malicious behavior on a server. This tool will warn your server log files concerning any unauthorized activity and will block IP offending without further disturbing the normal functioning of your server.
This guide contains a step-by-step explanation for installing Fail2Ban on an Ubuntu, Debian 12, CentOS, and Fedora system. We will consider all the necessary things like prerequisites, configuration options, advanced setups, integrations with CyberPanel, troubleshooting, and much more.
What does Fail2Ban do?
Fail2Ban is a software intrusion prevention framework that looks at the log files and identifies entries that match known attack patterns. Once found, Fail2Ban will automatically add a firewall rule so that the IP address will get blocked from an attack. Most importantly, it protects services, including SSH, FTP, and HTTP.
With Fail2Ban, you can easily harden your server from brute-force attacks, dictionary attacks, and a myriad of other threats.
Prerequisites
The following must be confirmed as requisite before going through the installation:
- Root or Sudo Access: Fail2Ban requires administrative privileges for installation and configuration.
- Reliable Internet Connection: Downloading packages and installing them.
- Firewall set-up: Fail2Ban will work with tools such as UFW, iptables or firewalld.
- Log File Availability: The service should create log files in the standard locations, such as /var/log/auth.log and /var/log/nginx/error.log, for the services they are supposed to protect (e.g. SSH, Nginx).
- Supported Operative Systems: This installation guide covers Ubuntu, Debian 12, CentOS, and Fedora.
How to Install Fail2Ban on Ubuntu
Step 1: Update Package List
Get exclusive access to all things tech-savvy, and be the first to receive
the latest updates directly in your inbox.
The very first thing you should do when installing software from Ubuntu is to update the system package list. Open up a terminal and use the following command:
sudo apt updateOutput:
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://security.ubuntu.com/ubuntu focal-security InRelease
Hit:3 http://archive.ubuntu.com/ubuntu focal-updates InReleaseStep 2: Install Fail2Ban
Now that your package list is updated, you can install Fail2Ban by using the following command:
sudo apt install fail2banOutput:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
fail2ban-common
Suggested packages:
sendmail
The following NEW packages will be installed:
fail2ban fail2ban-common
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,481 kB/2,629 kB of archives.
After this operation, 11.3 MB of additional disk space will be used.Step 3: Start and Enable Fail2Ban Service
Once Fail2Ban has been installed, you will be able to start and enable the service such that it will run automatically every time the computer boots:
sudo systemctl start fail2ban
sudo systemctl enable fail2banOutput:
Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /lib/systemd/system/fail2ban.service.Step 4: Check Fail2Ban Status
Check for live and active Fail2Ban service by executing:
sudo systemctl status fail2banOutput:
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-12-30 10:00:00 UTC; 10s ago
Docs: man:fail2ban(1)
Main PID: 1234 (fail2ban-server)
Tasks: 5 (limit: 1137)
Memory: 12.5M
CGroup: /system.slice/fail2ban.service
└─1234 /usr/bin/python3 /usr/bin/fail2ban-server -bInstall Fail2Ban on CentOS
Step 1: Updating Your System
Thus, the system packages have been updated on CentOS:
sudo yum update -yOutput:
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrorsStep 2: Install Fail2Ban
To install Fail2Ban, use this command:
sudo yum install epel-release -y
sudo yum install fail2ban -yOutput:
Loaded plugins: fastestmirror, langpacks
Resolving Dependencies
--> Running transaction check
---> Package fail2ban.x86_64 0:0.11.2-3.el7 will be installedStep 3: Start and Enable Fail2Ban Service
Now start and enable Fail2Ban:
sudo systemctl start fail2ban
sudo systemctl enable fail2banOutput:
Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /usr/lib/systemd/system/fail2ban.service.Step 4: Check Fail2Ban Status
To check whether the service is running or not:
sudo systemctl status fail2banOutput:
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2024-12-30 10:10:00 UTC; 20s agoInstall Fail2Ban on Fedora
Step 1- Updating the system
Update the system package list:
sudo dnf update -yOutput:
Fedora 34 - x86_64 - UpdatesStep 2- Install Fail2Ban
Install Fail2Ban via DNF:
sudo dnf install fail2ban -yOutput:
Last metadata expiration check: 0:02:00 ago on Mon 30 Dec 2024 10:20:00 UTC.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
fail2ban x86_64 0.11.2-3.fc34 Fedora 34 - Updates 1.2 MBStep 3- Start Fail2Ban and Enable it
Start and enable the service:
sudo systemctl start fail2ban
sudo systemctl enable fail2banOutput:
Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /usr/lib/systemd/system/fail2ban.service.Step 4- To Check the Status of Fail2Ban
To check if Fail2Ban is working properly, execute:
sudo systemctl status fail2banOutput:
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2024-12-30 10:30:00 UTC; 30s agoInstalling Fail2Ban on Debian 12
Step 1: Upgrade Your System
The first step to “install Fail2ban Debian 12” is updating your system. You can execute the following command in your system; it will update the package list on Debian 12.
sudo apt updateOutput:
Hit:1 http://deb.debian.org/debian 12.0 InRelease
Hit:2 http://security.debian.org/debian-security 12.0-security InReleaseStep 2: Install Fail2Ban
Now let’s install the Fail2ban using:
sudo apt install fail2banOutput:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
fail2ban-common
Suggested packages:
sendmail
The following NEW packages will be installed:
fail2ban fail2ban-commonStep 3: Start and Enable Fail2Ban
Start the service and set it to run automatically when the system boots:
sudo systemctl start fail2ban
sudo systemctl enable fail2banOutput:
Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /lib/systemd/system/fail2ban.service.Step 4: Check Fail2Ban Status
To see the status of the Fail2Ban service, run:
sudo systemctl status fail2banOutput:
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-12-30 10:40:00 UTC; 10s agoConfiguring Fail2Ban: A Detailed Guide After You Install Fail2Ban
The next critical step after installing fail2ban will be configuring it to protect your server against brute force and other kinds of malicious attacks. Fail2Ban actually watches your logs and automatically bans IP addresses that do suspicious actions, for example, too many attempts of logging in without success. Below is an in-depth tutorial showing you how to configure fail2ban after its installation.
1. Configuration Files
Most importantly with fail2ban as soon as you install it, you will have to know about the main configuration files:
- /etc/fail2ban/fail2ban.conf: This contains global settings.
- /etc/fail2ban/jail.conf: This file is the one that governs different rules as per each service (called jail). Do not ever modify it directly; rather create a jail.local file so that your modification does not get overwritten in updates.
Tip: Keep on using jail.local for your fiddles.
2. Understanding Jails
On fail2ban install, the jails come with it. A jail is a rule for monitoring a service, e.g., SSH or Apache, and for taking action, such as banning an IP, after suspicious activity has been detected. Each jail contains the following:
- Filter: It defines what entries in the logs or events should be monitored (e.g., failed login attempts).
- Action: It defines what should a person do when he meets the filter condition (e.g., block an IP address).
3. After you install Fail2Ban, Configure SSH Protection
By far, the most common procedure right after you install fail2ban is to guard your SSH service against brute-force attempts. Go through the steps below to configure the SSH jail:
Open or create the jail.local file for fail2ban configuration:
<strong>sudo nano /etc/fail2ban/jail.local</strong>Add the next setting to activate the SSH jail:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 600
findtime = 600- enabled: Set to true for enabling the jail for SSH.
- port: The port for SSH (by default 22).
- filter: The filter to be used in detecting failed SSH login attempts (should be sshd).
- logpath: Points to the log file (which is mostly /var/log/auth.log).
- maxretry: The maximum number of failed logins before banning the IP (default: 3).
- bantime: This is the time that an IP would be banned for, in seconds (set to 600 seconds, or 10 minutes).
- findtime: This would be the time frame (in seconds) to calculate the number of failed login attempts (set to 600 seconds).
Step 2: Restart Fail2Ban
sudo systemctl restart fail2banStep 3 – Check the status of the SSH Jail
sudo fail2ban-client status sshdYou should see something like the following:
Status for the jail: sshd
|- Filter
| |- File list: /var/log/auth.log
| |- Currently banned: 0
| `- Total banned: 0
`- Actions
|- Currently banned: 0
`- Total banned: 04. Customizing Ban Times and Limits After Installing Fail2Ban
Once you install and run fail2ban, you can also customize its behavior by adjusting some settings in your jails:
- maxretry: Set the number of allowed failed retries to either more or less.
- bantime: Change the time an IP address can be banned altogether.
- findtime: Change the time window during which failed attempts are counted.
For example, if you want to permit 5 failed logins before banning for 1 hour (3600 seconds), change your jail.local to:
- maxretry = 5
- bantime = 3600 # 1 hour
- findtime = 600 # 10 minutes
5. Custom Jails for Other Services After Installing Fail2Ban
Once you’ve completed the initial installation as well as the configuration to protect SSH, Fail2Ban can create custom jails for other services like, say, Apache, Nginx, or FTP.
For example for Apache, the jail.local would contain the following entries at entry points:
[apache]
enabled = true
port = http,https
filter = apache
logpath = /var/log/apache2/*error.log
maxretry = 3
bantime = 600
findtime = 600If a custom filter is required for a given service, the filter can simply be created under /etc/fail2ban/filter.d/.
6. Configuring Email Notifications Following the Setup of Fail2Ban
After you install fail2ban, among the other features, there are email alerts. You can configure fail2ban to send an email alert in cases where some IPs have been banned. Just add the part below to your jail.local to set up email notifications:
- mta: This would define the mail transport agent (for example, sendmail).
- action: This would define what action sends the email with logs on banned IPs.
You will also need to configure an SMTP transport such as ssmtp or msmtp to forward the email notifications.
7. Failure2Ban Installation Testing and Verification
After finishing configuring all requirements to install fail2ban, the only possible way to check success is to test whether it has started working as expected. Below are the testing steps for you:
- SSH Protection Test: Try logging in to the system incorrectly a few times and check if the attacking IP addresses are banned.
- Log Check: Check the fail2ban logs to ensure that bans are actually being triggered.
Use the following command to view the logs of Fail2ban:
tail -f /var/log/fail2ban.logThe logs should show entries like:
2024-12-30 10:00:01,123 fail2ban.actions [1234]: NOTICE [sshd] Ban 192.168.1.100See the banned IPs: The list of banned IPs can be found using the following command:
sudo fail2ban-client status sshdHow to Install Fail2Ban on CyberPanel
CyberPanel is a complete web hosting control panel that allows one to manipulate the server. To strongly secure your server, Fail2Ban can be used to ban IPs whose login attempts fail many times.
Below is an uncomplicated step-by-step guide on how to install Fail2Ban on CyberPanel:
Step 1: Log in to Your Server
SSH into your server:
ssh root@your-server-ipStep 2: Update System Packages
Update your system to make sure that you have the latest package:
- For Ubuntu/Debian:
<strong>sudo apt update && sudo apt upgrade -y</strong>- For CentOS/Fedora:
sudo yum update -y # CentOS/RHEL
sudo dnf update -y # FedoraStep 3: Install Fail2Ban
Fail2Ban can be installed using the appropriate command:
- Ubuntu/Debian:
sudo apt install fail2ban -y- CentOS/Fedora:
sudo yum install epel-release -y
sudo yum install fail2ban -y # CentOS
sudo dnf install fail2ban -y # FedoraStep 4: Start Fail2Ban
Initiate Fail2Ban and configure it to launch at boot by using:
sudo systemctl start fail2ban
sudo systemctl enable fail2banStep 5: Configure Fail2Ban
Configure Fail2Ban to monitor services such as SSH and CyberPanel. Open the configuration file:
sudo nano /etc/fail2ban/jail.local- Ensure that the following section is enabled for SSH:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 600
findtime = 600- To protect CyberPanel Login, add this:
[cyberpanel]
enabled = true
port = http,https
filter = apache-auth
logpath = /usr/local/lscp/logs/error_log
maxretry = 3
bantime = 600
findtime = 600Step 6: Restart Fail2Ban
Restart Fail2Ban to load the new configurations:
sudo systemctl restart fail2banStep 7: Check Status
Use to check if Fail2Ban is running:
sudo fail2ban-client statusTo check the status of the CyberPanel jail:
sudo fail2ban-client status cyberpanelFAQs
1. Fail2Ban – What is it and why should I install it?
This is basically a security tool within which you can secure your server from repeated attempts to log in with incorrect usernames and passwords by blocking those IP addresses so that they cannot log in anymore. It’s very important to stop brute-force attacks on the most sensitive services offered by your server, like SSH and web applications.
2. On which operating systems Fail2Ban can be set up?
Fail2Ban can be installed on almost any Linux distribution, including Ubuntu, Debian, CentOS, and Fedora. It works on any system that uses log files to find failures in login attempts.
3. How can I configure Fail2Ban after installation?
Once you install it, you have to configure Fail2Ban by editing the jail.local file. You can enable or disable watching of certain services, like SSH, Apache, and CyberPanel. Change settings like the retry and ban time to meet your needs.
4. Will Fail2Ban slow my server down?
Fail2Ban has a minimal negative effect on performance on a server. It just monitors log files for failed login attempts and blocks malicious IPs from accessing the network resources. It’s lightweight in terms of resource usage and most servers run without it having a significant effect on resource usage.
5. How will I know Fail2Ban is running properly?
You can check Fail2Ban status by using the command fail2ban-client status. This command gives you results of active jails with their banned IP’s. You could check it by having multiple failed attempts to log in and see if it is able to deny the IP after the number of trials you specified.
Protect Your Server with Fail2Ban – Vital for Every Administrator
To wrap up, Fail2Ban is the basic need for any administrator managing a server, who believes in rigorous security. It safeguards the server from brute force attacks, thereby keeping SSH, FTP, and web applications from unauthorized access. Whether small or big, without fail, Fail2Ban offers an additional layer of barrier to those malicious IPs blocking out other common attack vectors.
Installing Fail2Ban is very simple and incredibly effective. It’s just a small investment of time for massive boosts in security for your server. In two or three steps, you can set up Fail2Ban on your CyberPanel or any Linux server, configure it to protect critical services, and keep unwanted users at bay.
Do not wait for the last moment. Secure your server, using Fail2Ban.
Ready to gear up?
Follow our guide above to install Fail2Ban and secure your server from brute-force attacks. Stay one step ahead and ensure your server protection now!
