How I Use Fail2Ban on Ubuntu and Linux to Block Attackers Before They Get In

May 26, 2025

Intro:

Brute-force attacks are constant — especially on public-facing Linux servers. I’ve seen logs fill up with failed login attempts from bots scanning IP ranges 24/7. My go-to defense? Fail2Ban — a powerful tool that bans bad actors based on log patterns. In this post, I’ll walk you through how I use it on both Ubuntu and Linux to block attackers before they do damage.

1. Installing Fail2Ban

✅ Ubuntu:

sudo apt update
sudo apt install fail2ban

✅ Red Hat / CentOS:

sudo yum install epel-release
sudo yum install fail2ban

Then enable and start the service:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

2. Protecting SSH (Default Jail)

The default configuration already includes SSH protection. To customize it:

✅ Copy the config:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

✅ Then edit:

sudo nano /etc/fail2ban/jail.local
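
To show what the jail settings in jail.local control, here is an added example (not from the original post, and not Fail2Ban's own code) that replays the ban rule over constructed sshd log lines: a host is banned once it reaches `maxretry` matching failures within `findtime` seconds. The regex is a simplified stand-in for the real sshd filter, and the function name, threshold values and log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for the sshd filter's failregex (assumption, not Fail2Ban's own pattern).
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\S+) port \d+"
)

# Constructed sample auth.log lines (addresses are from documentation ranges).
SAMPLE_LOG = """\
May 26 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
May 26 10:00:05 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
May 26 10:00:07 web1 sshd[820]: Accepted password for deploy from 192.0.2.5 port 51514 ssh2
May 26 10:00:09 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40024 ssh2
May 26 10:01:00 web1 sshd[830]: Failed password for deploy from 198.51.100.20 port 50100 ssh2
May 26 10:20:00 web1 sshd[831]: Failed password for deploy from 198.51.100.20 port 50101 ssh2
May 26 10:40:00 web1 sshd[832]: Failed password for deploy from 198.51.100.20 port 50102 ssh2
"""

def find_bans(lines, maxretry=3, findtime=600, year=2025):
    """Return {host: datetime_of_ban} for hosts with maxretry failures inside findtime seconds."""
    failures = defaultdict(deque)   # host -> timestamps of recent failures
    bans = {}
    for line in lines:
        m = FAILREGEX.match(line)
        if not m or m["host"] in bans:
            continue                # not a failure line, or host is already banned
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = failures[m["host"]]
        window.append(ts)
        # Drop failures that have aged out of the findtime window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[m["host"]] = ts
    return bans

if __name__ == "__main__":
    for host, when in find_bans(SAMPLE_LOG.splitlines()).items():
        print(f"ban {host} at {when:%H:%M:%S}")
```

The second address fails just as often as the first but spreads its attempts over 39 minutes, so it is banned only when `findtime` is widened to cover that span.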

Written by Faruk Ahmed

With 10+ years as an InfoSec Analyst, I excel in Symantec DLP, CrowdStrike, QRadar, Qualys, FireEye, Red Hat Linux, WebLogic, Python, and Bash. I am Passionate.
