Fail2Ban monitors log files and automatically bans IP addresses showing brute-force patterns. This guide installs and configures Fail2Ban on Ubuntu 24.04 LTS to protect SSH and other services.
Tested and valid on:
- Ubuntu 24.04 LTS
Prerequisites
- Ubuntu 24.04 LTS server
- A user with sudo privileges
- UFW or iptables installed and active
Step 1 – Install Fail2Ban
Update and install:
sudo apt update
sudo apt install fail2ban -y
Step 2 – Create a Local Configuration File
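Never edit jail.conf directly: package updates can overwrite it, and settings in jail.local take precedence over it. Copy it to a local file instead: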
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Step 3 – Configure the SSH Jail
Edit the local config:
sudo nano /etc/fail2ban/jail.local
Add or update under [sshd]:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
bantime = 1h
findtime = 10m
Step 4 – Start and Enable Fail2Ban
Enable and start:
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Step 5 – Check Jail Status
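Verify the SSH jail is active. The first command lists the enabled jails; the second shows the sshd jail's failure and ban counters: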
sudo fail2ban-client status
sudo fail2ban-client status sshd
Step 6 – Unban an IP Address
Unban a legitimate IP (replace 203.0.113.10 with the address to release):
sudo fail2ban-client set sshd unbanip 203.0.113.10
Step 7 – View Fail2Ban Logs
Monitor activity:
sudo tail -f /var/log/fail2ban.log
Conclusion
Fail2Ban is now protecting your Ubuntu 24.04 LTS server from brute-force attacks. Adjust maxretry, bantime, and findtime to match your security requirements.
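To see how the three values from Step 3 interact before changing them, the following added example (not part of the original guide and not Fail2Ban's own code) replays log lines through a simplified sliding-window model of maxretry, findtime and bantime. The log lines, the host name srv1, the regex and the function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [sshd] jail in Step 3.
MAXRETRY, FINDTIME, BANTIME = 5, timedelta(minutes=10), timedelta(hours=1)

# Simplified pattern for this example only; not Fail2Ban's own sshd filter.
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return [(ip, banned_at, unbanned_at)] for a sliding-window model."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> time the ban expires
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue                # host is still banned; nothing to count
        window = failures[ip]
        window.append(ts)
        # Forget failures older than findtime relative to the newest one.
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()
    return bans

def make_line(ts, ip, user="root"):
    """Build one constructed auth.log-style line."""
    return f"{ts} srv1 sshd[1234]: Failed password for {user} from {ip} port 50022 ssh2"

# Constructed sample log using documentation-range addresses.
SAMPLE = sorted(
    # 198.51.100.7: five failures within two minutes -> banned on the fifth.
    [make_line(f"2024-06-01T10:0{i}:00+00:00", "198.51.100.7") for i in (0, 0, 1, 1, 2)]
    # 203.0.113.10: five failures spread over 48 minutes -> never inside one findtime.
    + [make_line(f"2024-06-01T10:{m:02d}:00+00:00", "203.0.113.10", "alice")
       for m in (0, 12, 24, 36, 48)])

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"{ip} banned {start.isoformat()} until {end.isoformat()}")
```

With the Step 3 values only 198.51.100.7 is banned; calling simulate(SAMPLE, findtime=timedelta(hours=1)) also bans the slow source, which is the trade-off to weigh when raising findtime.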