Posted January 19

You are reading Part 6 of the 57-part series: Harden and Secure Linux Servers. [Level 1]

This series covers progressive security measures, from fundamental hardening techniques to enterprise-grade defense strategies. Each article delves into a specific security practice, explaining its importance and providing step-by-step guidance for implementation. To explore more security best practices, visit the main guide for a full breakdown of all levels and recommendations.

Fail2Ban is a security tool that protects your Linux server from brute-force attacks by automatically banning IP addresses after multiple failed login attempts. This stops an attacker from repeatedly trying different passwords to gain access.

How to Install and Configure Fail2Ban

1. Install Fail2Ban:

   sudo apt install fail2ban -y

   (For CentOS/RHEL, use sudo yum install fail2ban -y)

2. Edit the Fail2Ban configuration file:

   sudo nano /etc/fail2ban/jail.conf

   Look for the [sshd] section and modify the settings:

   [sshd]
   enabled = true
   maxretry = 5
   bantime = 3600

   enabled = true → Activates Fail2Ban protection for SSH.
   maxretry = 5 → Bans an IP after 5 failed login attempts.
   bantime = 3600 → Bans the offending IP for one hour (3600 seconds).

3. Save the file and restart Fail2Ban:

   sudo systemctl restart fail2ban

4. Check Fail2Ban status and active bans:

   sudo fail2ban-client status sshd

   This shows the currently banned IPs and the jail's failure and ban counters.

Best Practices for Fail2Ban:

✅ Adjust ban time and retry limits to fit your security needs (e.g., longer bans for persistent attackers).
✅ Monitor the jail with sudo fail2ban-client status sshd to track failed login attempts.
✅ Enable email notifications to get alerts when an IP is banned.

By setting up Fail2Ban, you automatically block malicious login attempts, protecting your server from unauthorized access attempts and brute-force attacks.
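To make the meaning of maxretry and bantime concrete, here is an added Python model of the sshd jail's decision logic; it is an illustration written for this page, not Fail2Ban's own code. It assumes a findtime window of 600 seconds (a Fail2Ban setting the article does not set), the usual auth.log line format, and constructed sample log lines in documentation IP ranges.

```python
"""Toy model of the decision logic behind the article's [sshd] jail. Added
illustration, not Fail2Ban's own code: count 'Failed password' lines per source
IP in a sliding FINDTIME window; ban the IP for BANTIME once MAXRETRY is hit."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

MAXRETRY = 5    # from the article's [sshd] settings
BANTIME = 3600  # seconds, from the article
FINDTIME = 600  # seconds; Fail2Ban's window setting (assumed default), not in the article
# Simplified pattern for the line sshd writes to auth.log on a failed password
FAILED_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\S+) port \d+")
# Constructed sample log (documentation IP ranges), in time order
SAMPLE_LOG = """\
Jan 19 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Jan 19 10:00:03 host sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Jan 19 10:00:05 host sshd[1203]: Failed password for root from 203.0.113.7 port 51002 ssh2
Jan 19 10:00:07 host sshd[1204]: Failed password for root from 203.0.113.7 port 51003 ssh2
Jan 19 10:00:09 host sshd[1205]: Failed password for root from 203.0.113.7 port 51004 ssh2
Jan 19 10:00:11 host sshd[1206]: Failed password for root from 203.0.113.7 port 51005 ssh2
Jan 19 10:05:00 host sshd[1210]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Jan 19 10:05:20 host sshd[1211]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
Jan 19 11:00:10 host sshd[1220]: Failed password for root from 203.0.113.7 port 51006 ssh2
"""

def parse_time(stamp, year=2025):
    # syslog timestamps carry no year; assume one for the sample
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def evaluate(log, maxretry=MAXRETRY, bantime=BANTIME, findtime=FINDTIME):
    """Return (bans, ignored, pending): IP -> ban start, count of failures that
    arrived while banned (firewall would drop them), IP -> failures in window."""
    failures, bans, ignored = defaultdict(list), {}, 0
    for line in log.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and other lines do not count
        ts, ip = parse_time(m.group(1)), m.group(2)
        if ip in bans and ts < bans[ip] + timedelta(seconds=bantime):
            ignored += 1  # still banned: this attempt would never reach sshd
            continue
        window = [t for t in failures[ip] if ts - t <= timedelta(seconds=findtime)]
        window.append(ts)
        if len(window) >= maxretry:
            bans[ip] = ts  # maxretry failures inside findtime: ban now
            window = []
        failures[ip] = window
    return bans, ignored, {ip: len(w) for ip, w in failures.items() if w}
```

With the article's settings, 203.0.113.7 is banned at its fifth failure, its sixth attempt is dropped, and its attempt 3601 seconds after the ban counts as a fresh failure; 198.51.100.4 never reaches the threshold.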