Fail2Ban is intrusion prevention software that protects servers from brute-force attacks. It monitors log files and dynamically updates firewall rules to block malicious IP addresses.
Key Features
- Log Monitoring: Parse logs for attack patterns
- Dynamic Banning: Automatic firewall updates
- Multiple Services: Protect SSH, Apache, Nginx, and more
- Custom Filters: Create rules for any log format
- Email Notifications: Alert on security events
Installation
Install Fail2Ban on Ubuntu:
sudo apt update
sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Usage Examples
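Configure SSH protection. With these settings, an address that reaches 3 failed logins (maxretry) within 600 seconds (findtime) is banned for 3600 seconds (bantime):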
# /etc/fail2ban/jail.local
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
findtime = 600
Benefits
Fail2Ban provides automated defense against common attacks. Its lightweight design means minimal server impact while offering robust protection for critical services.