Install Fail2ban on Ubuntu

Install fail2ban

As always, first log in to your VPS via SSH:

# ssh user@hostname

Installing Fail2ban is very simple; just run:

user@hostname ~$ sudo apt-get update
user@hostname ~$ sudo apt-get install fail2ban

If you want Fail2ban to send mail notifications, you’ll need an SMTP server such as Postfix, Exim or Sendmail. For example, you can install Postfix with the following command:

user@hostname ~$ sudo apt-get install postfix

Configure fail2ban

The best practice is to duplicate the default Fail2ban configuration file and to work on a local copy, which keeps your changes safe from updates. To create a local copy (jail.local) just run:

user@hostname ~$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

After the file is copied, you should make all your changes and additions to the jail.local file.

Open up the jail.local file in your text editor of choice and let’s make some changes.

user@hostname ~$ sudo vim /etc/fail2ban/jail.local

The [DEFAULT] section:

  • ignoreip: by default only is whitelisted; you should also add your VPS and local IP addresses to the ignoreip line. Example: ignoreip =
  • bantime: the ban time (in seconds). You can use a negative number for a permanent ban.
  • maxretry: the number of failures before an IP gets banned.
  • destemail: the email address to which the alerts will be sent. You should put your email address here.
  • action: if you want to receive alerts with a whois report and the relevant log lines, change it to: action = %(action_mwl)s

Fail2Ban Jails

Jails are the rules that Fail2Ban applies to a given service; each jail is a combination of a filter and an action. By default only the ssh jail is enabled. You can enable additional jails according to your needs by changing enabled = false to enabled = true in the jail's section.

Finally restart the Fail2Ban service so that the changes take effect.

user@hostname ~$ sudo /etc/init.d/fail2ban restart
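
An added example, not part of the original tutorial: a small Python check of the jail.local settings described above, useful before a restart. It lists the enabled jails with their effective bantime and maxretry and flags risky values. The sample file, its addresses, the audit() name and the 256-address threshold are assumptions made for illustration.

```python
import configparser
import ipaddress

# Constructed sample jail.local; the addresses are documentation ranges, not real hosts.
SAMPLE = """
[DEFAULT]
ignoreip = 127.0.0.1/8 203.0.113.10 198.51.100.0/8
bantime = -1
maxretry = 5
destemail = root@localhost
action = %(action_mwl)s

[ssh]
enabled = true
maxretry = 3

[apache]
enabled = false
"""

def audit(text):
    """Return (enabled_jails, warnings) for the text of a jail.local file."""
    # interpolation=None keeps values such as %(action_mwl)s as literal text.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    warnings = []
    default = cfg["DEFAULT"]
    for entry in default.get("ignoreip", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # not an IP or CIDR (e.g. a hostname); not checked here
        if not net.is_loopback and net.num_addresses > 256:  # threshold is an assumption
            warnings.append(f"ignoreip {entry} exempts {net.num_addresses} addresses from bans")
    if default.get("destemail", "").endswith("@localhost"):
        warnings.append("destemail is a local mailbox; alerts stay on this host")
    enabled = {}
    for name in cfg.sections():
        jail = cfg[name]  # lookups fall back to the [DEFAULT] values
        if not jail.getboolean("enabled", fallback=False):
            continue
        enabled[name] = {"bantime": jail.getint("bantime", fallback=0),
                         "maxretry": jail.getint("maxretry", fallback=0)}
        if enabled[name]["bantime"] < 0:
            warnings.append(f"[{name}] bantime is negative: bans are permanent")
    return enabled, warnings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check the real file, pass the contents of /etc/fail2ban/jail.local to audit() instead of SAMPLE.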

Tweak Filters

If you want to tweak the existing filters or add some new filters, you can find them in the /etc/fail2ban/filter.d/ directory.
For example, if you want to edit the Fail2Ban filter for the OpenSSH service, open and edit the following file:

user@hostname ~$ sudo vim /etc/fail2ban/filter.d/sshd.conf

Do not forget to restart the Fail2Ban service after you make changes to the configuration files.


That’s it. You have successfully installed Fail2Ban on Ubuntu. For more information about Fail2Ban, please refer to the Fail2Ban website.
