Why Do You Need fail2ban on Your Linux Server?

Most server administrators use the Secure Shell Protocol (SSH) to connect to servers. While SSH is very robust and secure for data transfer, it does not protect your server against brute-force attacks by default. An attacker can attempt to access your server an unlimited number of times.

These attacks could slow your server down. Given enough time, the attacker can access your server and hijack it. Securing a server against such attacks is essential on the internet.

This is where fail2ban comes into play. fail2ban helps prevent brute-force attacks by looking for authentication failures in a service's logs. If the failures meet certain conditions, fail2ban creates firewall rules to block the offending IP addresses, thus hindering the attack.
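
The check described above, reduced to a small Python sketch (an added example, not fail2ban's own code or part of the original post). The log lines are constructed, the thresholds are assumed values named after fail2ban's maxretry and findtime jail options, and the sketch only reports addresses instead of creating firewall rules:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for this sketch (named after fail2ban's jail options).
MAXRETRY = 3
FINDTIME = timedelta(minutes=10)

# Matches the sshd "Failed password" line and captures the source address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = """\
Mar 10 08:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar 10 08:00:04 web1 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Mar 10 08:00:09 web1 sshd[1207]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
Mar 10 08:00:12 web1 sshd[1209]: Failed password for root from 203.0.113.7 port 50141 ssh2
Mar 10 08:05:00 web1 sshd[1300]: Failed password for bob from 198.51.100.99 port 41000 ssh2
Mar 10 08:30:00 web1 sshd[1400]: Failed password for bob from 198.51.100.99 port 41010 ssh2
Mar 10 08:55:00 web1 sshd[1500]: Failed password for bob from 198.51.100.99 port 41020 ssh2
"""

def find_offenders(log_text, maxretry=MAXRETRY, findtime=FINDTIME, year=2024):
    """Return IPs with >= maxretry failures inside a sliding findtime window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps omit the year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # discard failures that fell out of the findtime window
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

if __name__ == "__main__":
    for ip in find_offenders(SAMPLE_LOG):
        print(f"would ban {ip}")
```

The second address fails three times as well, but 25 minutes apart, so it never accumulates three failures inside the 10-minute window and is not reported.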

How to install fail2ban?

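Installing fail2ban is as simple as typing the commands for your distribution's package manager in the Linux terminal:

# Debian/Ubuntu (apt)
sudo apt update
sudo apt install fail2ban

# CentOS/RHEL (yum); fail2ban comes from the EPEL repository
sudo yum update
sudo yum install epel-release
sudo yum install fail2ban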

We need to make a copy of the fail2ban config files that we will edit. This is because fail2ban.conf and jail.conf could get overwritten when updating the fail2ban package.

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local

Run fail2ban with the default configuration:

sudo service fail2ban restart

To see which services are protected by fail2ban:

sudo fail2ban-client status

More content coming soon on how to configure fail2ban. Stay posted.
