How to Set Up Fail2Ban on Linux (Protect Your Server from Brute-Force Attacks)
One of the easiest and most effective ways to protect your Linux server from brute-force attacks is to install
Fail2Ban. It monitors your log files and
automatically bans IPs that show signs of malicious behavior — like repeated SSH login failures, web attacks, or abusive bots.
In this guide, you'll learn how to
install and configure Fail2Ban on your Linux server in just a few steps.
Brought to you by
Vastrox.com — your trusted platform for secure, scalable, and smart server deployment.
What is Fail2Ban?
Fail2Ban is a log-parsing intrusion prevention system for Linux. It scans service logs (like SSH, Apache, NGINX, etc.) for suspicious activity and
bans offending IP addresses by updating firewall rules.
It helps protect against:
- SSH brute-force attacks
- WordPress admin scans
- Web panel login attempts
- Common DDoS and spam bots
- FTP brute-force attempts
What You’ll Need
- A Linux server (Ubuntu, Debian, CentOS, AlmaLinux, etc.)
- Root or sudo access
- OpenSSH or web-based services running
If you're using
Vastrox server templates, Fail2Ban can be pre-installed and pre-configured for SSH and common web services.
Step 1: Install Fail2Ban
On
Ubuntu / Debian:
sudo apt update && sudo apt install fail2ban
On
CentOS / AlmaLinux / RHEL:
sudo yum install epel-release
sudo yum install fail2ban
Then enable the service:
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Step 2: Create a Local Configuration
Never edit the main config file directly. Instead, create a .local copy:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now open it:
sudo nano /etc/fail2ban/jail.local
Step 3: Configure SSH Protection
Look for this section:
ini
CopyEdit
<span><span><span>[sshd]</span></span><span><br></span><span><span>enabled</span></span><span> = </span><span><span>true</span></span><span><br></span><span><span>port</span></span><span> = ssh<br></span><span><span>filter</span></span><span> = sshd<br></span><span><span>logpath</span></span><span> = /var/log/auth.log<br></span><span><span>maxretry</span></span><span> = </span><span><span>5</span></span><span><br></span><span><span>bantime</span></span><span> = </span><span><span>3600</span></span><span><br></span><span><span>findtime</span></span><span> = </span><span><span>600</span></span><span><br></span></span>
You can adjust:
- maxretry – Number of failed attempts before ban
- bantime – How long the ban lasts (in seconds)
- findtime – Time window to monitor for failed logins
Tip: For SSH logs on CentOS/RHEL, change logpath to /var/log/secure
Step 4: Add Web or FTP Jail (Optional)
To protect
Apache,
NGINX, or
FTP, enable additional jails in the same file:
Example for NGINX login failures:
ini
CopyEdit
<span><span><span>[nginx-http-auth]</span></span><span><br></span><span><span>enabled</span></span><span> = </span><span><span>true</span></span><span><br></span><span><span>filter</span></span><span> = nginx-http-auth<br></span><span><span>logpath</span></span><span> = /var/log/nginx/error.log<br></span><span><span>maxretry</span></span><span> = </span><span><span>3</span></span><span><br></span></span>
For ProFTPD or vsftpd, similar jails are included in the file.
Step 5: Restart Fail2Ban and Check Status
Restart the service to apply changes:
sudo systemctl restart fail2ban
Check the status:
sudo fail2ban-client status
To view SSH jail details:
sudo fail2ban-client status sshd
You’ll see how many IPs are currently banned and recent actions.
Step 6: Unban an IP (If Needed)
To remove a mistakenly banned IP:
sudo fail2ban-client set sshd unbanip 192.168.1.100
You can also whitelist trusted IPs in:
Under [DEFAULT], add:
ini
CopyEdit
<span><span><span>ignoreip</span></span><span> = </span><span><span>127.0</span></span><span>.</span><span><span>0.1</span></span><span> your.ip.address<br></span></span>
Best Practices
- Combine Fail2Ban with UFW firewall for extra protection
- Set email alerts for bans by configuring the action parameter
- Monitor logs regularly to see if you're under attack
- Use longer bantime for persistent brute-force attempts
Vastrox Includes Fail2Ban-Ready Templates
With
Vastrox.com, security isn’t an afterthought — it’s baked in:
- Fail2Ban pre-installed on SSH and NGINX stacks
- Pre-configured jails for game panels, admin dashboards, and web logins
- One-click hardening templates
- Real-time attack visibility
Whether you run Minecraft servers, Laravel apps, or game panels — Vastrox helps you stay one step ahead of attackers.
Conclusion
You now have a solid, lightweight intrusion prevention system running on your Linux server.
Fail2Ban is fast, flexible, and a must-have for anyone hosting public-facing services.
For more Linux security guides, deployment tips, and optimization tutorials, visit
Vastrox.com.
We help you protect what you build — automatically.