Internet servers are routinely exposed to a barrage of attempts to gain unauthorized access to server resources. Common targets include SSH, SMTP, HTTP authentication, and FTP services. This guide will help you use Fail2ban on your Linux VPS to block automated attempts to compromise the system.
Please note that Fail2ban should not be relied upon as your sole means of preventing unauthorized access to services. It is useful in scenarios where you are required to allow password logins to services like SSH; it reduces the likelihood of an account being compromised, but does not eliminate it due to the highly distributed nature of botnet attacks.
This guide assumes you've completed the steps outlined in our getting started guide. Make sure you're logged into your VPS as root before proceeding.
Make sure your package repositories and installed programs are up to date by issuing the following commands:
apt-get update
apt-get upgrade --show-upgraded
On Debian and Ubuntu systems, issue the following command to get Fail2ban installed:
apt-get install fail2ban
Edit the configuration file /etc/fail2ban/jail.conf to set up blocking for various services. SSH blocking will be enabled by default. To make sure you don't accidentally lock yourself out of services, you can set the ignoreip variable to match your home or office connection's IP address. Set bantime to specify how long (in seconds) bans should last. The maxretry variable specifies the default number of attempts allowed from any IP address before a ban is put in place.
Fail2ban will monitor your log files for failed login attempts. After an IP address has exceeded the maximum number of authentication attempts, it will be blocked at the network level and the event will be logged in /var/log/fail2ban.log.
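The counting described above can be modeled in a few lines of Python; this is an added example, not Fail2ban's own code and not part of the original guide. The log lines are constructed, the ban is only recorded rather than applied to the firewall, and findtime is Fail2ban's counting-window setting, which this guide does not cover.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd lines in the syslog format used by /var/log/auth.log.
SAMPLE_LOG = """\
May 24 10:00:01 vps sshd[2101]: Failed password for root from 203.0.113.7 port 4711 ssh2
May 24 10:00:03 vps sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 4712 ssh2
May 24 10:00:04 vps sshd[2102]: Failed password for root from 198.51.100.20 port 5100 ssh2
May 24 10:00:06 vps sshd[2103]: Failed password for root from 203.0.113.7 port 4713 ssh2
May 24 10:00:09 vps sshd[2104]: Failed password for root from 192.0.2.10 port 6000 ssh2
May 24 10:00:10 vps sshd[2104]: Failed password for root from 192.0.2.10 port 6001 ssh2
May 24 10:00:11 vps sshd[2104]: Failed password for root from 192.0.2.10 port 6002 ssh2
May 24 10:00:12 vps sshd[2105]: Accepted password for alice from 198.51.100.20 port 5101 ssh2
"""

# Simplified stand-in for an sshd failure filter (hypothetical, not Fail2ban's regex).
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def find_bans(log_text, maxretry=3, findtime=600, ignoreip=("127.0.0.1/8",), year=2011):
    """Return {ip: ban time} for addresses with maxretry failures within findtime seconds."""
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    failures = defaultdict(list)   # ip -> timestamps of failures still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue               # successful logins and unrelated lines are not counted
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if ip in bans or any(ip in net for net in ignored):
            continue               # already banned, or exempt via ignoreip
        recent = [t for t in failures[ip] if (when - t).total_seconds() <= findtime]
        recent.append(when)
        failures[ip] = recent
        if len(recent) >= maxretry:
            bans[ip] = when        # the real tool would add a firewall rule here
    return {str(ip): t for ip, t in bans.items()}

if __name__ == "__main__":
    # Treat 192.0.2.0/24 as the "home or office" range that must never be banned.
    print(find_bans(SAMPLE_LOG, ignoreip=("127.0.0.1/8", "192.0.2.0/24")))
```

Running it with and without the 192.0.2.0/24 entry shows why ignoreip matters: three mistyped passwords from your own address are enough to trigger a ban.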
This guide is licensed under a Creative Commons Attribution-NoDerivs 3.0 United States License.
Last edited by Amanda Folson on Tuesday, May 24th, 2011 (r2082).