Fail2Ban monitors log files and automatically bans IP addresses that show signs of brute-force activity — too many failed login attempts, repeated bad requests, or other malicious patterns. This guide installs and configures Fail2Ban on Ubuntu 26.04 LTS to protect SSH and other services.
Tested and valid on:
- Ubuntu 26.04 LTS
Prerequisites
- Ubuntu 26.04 LTS server
- A user with sudo privileges
- UFW or iptables installed and active
Step 1 – Install Fail2Ban
Update the package list and install:
sudo apt update
sudo apt install fail2ban -y
Step 2 – Create a Local Configuration File
Never edit jail.conf directly — it will be overwritten on upgrades. Create a local override:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Step 3 – Configure the SSH Jail
Open the local config and locate or add the [sshd] section:
sudo nano /etc/fail2ban/jail.local
Add or update these settings under [sshd]:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
bantime = 1h
findtime = 10m
Step 4 – Start and Enable Fail2Ban
Enable and start the service:
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Step 5 – Check Jail Status
Verify the SSH jail is active:
sudo fail2ban-client status
sudo fail2ban-client status sshd
Step 6 – Unban an IP Address
If a legitimate IP gets banned accidentally:
sudo fail2ban-client set sshd unbanip 203.0.113.10
Step 7 – View Fail2Ban Logs
Monitor activity in real time:
sudo tail -f /var/log/fail2ban.log
Conclusion
Fail2Ban is now actively protecting your Ubuntu 26.04 LTS server from brute-force attacks. Adjust maxretry, bantime, and findtime to match your tolerance for failed attempts.
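To see how the three values from Step 3 interact before changing them, the following added example replays constructed auth.log lines through a sliding window with maxretry = 5, findtime = 10m and bantime = 1h. It is a simplified model written for this guide, not Fail2Ban's own code or its sshd filter; the log lines, host name, regex and the simulate function are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [sshd] jail in Step 3.
MAXRETRY = 5
FINDTIME = timedelta(minutes=10)
BANTIME = timedelta(hours=1)

# Simplified pattern for this example; Fail2Ban's real sshd filter is broader.
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\S+) port \d+")

# Constructed log lines (documentation IP ranges, made-up host and PIDs).
SAMPLE = sorted(
    # 5 failures in 4 minutes: all inside findtime, so this address is banned.
    [f"2026-05-01T10:0{i}:00+00:00 srv sshd[100{i}]: Failed password for root "
     f"from 198.51.100.7 port 4000{i} ssh2" for i in range(5)]
    # 5 failures one hour apart: never 5 within findtime, so no ban.
    + [f"2026-05-01T1{i}:00:00+00:00 srv sshd[200{i}]: Failed password for "
       f"invalid user admin from 192.0.2.44 port 5000{i} ssh2" for i in range(5)]
    # Successful login: not a failure, ignored.
    + ["2026-05-01T10:05:00+00:00 srv sshd[3000]: Accepted publickey for deploy "
       "from 203.0.113.10 port 60000 ssh2"]
)

def simulate(lines):
    """Return (ip, banned_at, banned_until) for each ban the settings trigger."""
    recent, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ts < banned_until.get(ip, ts):
            continue              # still banned; the firewall would drop this
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()      # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"ban {ip} from {start.isoformat()} until {end.isoformat()}")
```

The slow source at 192.0.2.44 makes the same number of attempts as the banned one but stays under the threshold, which is the trade-off to weigh when lengthening findtime or lowering maxretry.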