> For the complete documentation index, see [llms.txt](https://docs.clouduxe.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.clouduxe.com/vps-and-dedicated-servers/protecting-your-server-with-fail2ban.md). # Protecting Your Server with Fail2Ban ## How to Protect Your Server with Fail2Ban Fail2Ban is a powerful tool that helps secure your server by monitoring log files and banning IPs that show malicious activity. It’s particularly effective against brute-force attacks. ### Step 1: Install Fail2Ban To install Fail2Ban on your server, use the package manager appropriate for your Linux distribution. #### For Ubuntu/Debian: ```bash sudo apt update sudo apt install fail2ban ``` #### For CentOS/RHEL: ```bash bashCopy codesudo yum install epel-release sudo yum install fail2ban ``` ### Step 2: Configure Fail2Ban After installation, you’ll need to configure Fail2Ban to set up the jails (services to protect). 1. **Copy the default configuration file:** ```bash sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local ``` 2. **Edit the local configuration file:** ```bash sudo nano /etc/fail2ban/jail.local ``` 3. **Enable jails for services you want to protect.** For example, to protect SSH, find the `[sshd]` section and set `enabled` to `true`: ```ini [sshd] enabled = true ``` ### Step 3: Customize Ban Settings You can customize how Fail2Ban handles bans. Look for the following settings in the `jail.local` file: * `maxretry`: Number of failures allowed before banning an IP. * `bantime`: Duration (in seconds) for which an IP is banned. * `findtime`: Time window for the `maxretry` attempts. For example: ```ini iniCopy codemaxretry = 5 bantime = 3600 findtime = 600 ``` ### Step 4: Start and Enable Fail2Ban After configuring, start Fail2Ban and enable it to run on boot: ```bash sudo systemctl start fail2ban sudo systemctl enable fail2ban ``` ### Step 5: Check Fail2Ban Status You can check the status of Fail2Ban and see which IPs have been banned: ```bash sudo fail2ban-client status ``` To check the status of a specific jail (e.g., SSH): ```bash sudo fail2ban-client status sshd ``` ### Step 6: Monitor Logs Fail2Ban logs can be found at `/var/log/fail2ban.log`. Monitoring these logs helps you understand how the bans are functioning. ### Step 7: Adjust as Needed Based on the activity and the number of bans, you might want to adjust the `maxretry`, `bantime`, and other settings to better suit your environment. {% hint style="warning" %} Ensure you do not accidentally block your own IP. Consider whitelisting your IP in the configuration to avoid being locked out. {% endhint %} ### Conclusion Fail2Ban is an essential tool for securing your server against unauthorized access attempts. Regularly monitor and adjust your settings to maintain optimal security. {% hint style="success" %} Your server is now protected with Fail2Ban! {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.clouduxe.com/vps-and-dedicated-servers/protecting-your-server-with-fail2ban.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.