Setting up Fail2Ban
Fail2Ban adds an extra layer of security to your Linux system. It is most likely not necessary if you are running Linux on a desktop or laptop, but I recommend it if you are running a server.
For desktop and laptop environments, UFW is enough.
Install Fail2Ban on Debian
sudo apt install fail2ban
Install Fail2Ban on Arch Linux
sudo pacman -S fail2ban
After the installation is finished, run the following command:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
This keeps the original configuration file, jail.conf, untouched as a backup; from now on we edit the .local file instead of the .conf file. Fail2Ban reads jail.local after jail.conf, so settings in the .local file take precedence.
Side note: When working with Linux, always take a backup of the original configuration file.
Open up the jail.local file with nano and make sure that the SSHD jail is enabled.
[sshd]
. . .
enabled = true
. . .
Set the bantime to “forever”, so that once an IP has been blocked there are no second or third tries from that IP.
bantime = -1
Start and enable the Fail2Ban service
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
sudo systemctl status fail2ban
Check the Fail2Ban status on SSHD
sudo fail2ban-client status sshd
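The steps above set two values in jail.local. As an added example (not part of the original guide), this script resolves which value wins when jail.conf and jail.local are read in that order, and checks that the sshd jail is enabled with bantime = -1. The function names and the sample file contents are constructed for illustration; jail.d drop-ins, includes and interpolation are ignored.

```bash
#!/usr/bin/env bash
# Added example: resolve the value of KEY for JAIL from files read in order
# (jail.conf first, then jail.local). Simplified: no jail.d/, includes or %(...)s.
jail_setting() {  # usage: jail_setting JAIL KEY FILE...
    local jail="$1" key="$2"
    shift 2
    awk -v jail="$jail" -v key="$key" '
        FNR == 1      { sec = "" }          # new file: no section yet
        /^[ \t]*[#;]/ { next }              # comment line
        /^[ \t]*\[/   {                     # section header such as [sshd]
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k != key) next
            if (sec == jail)      { own = v; has_own = 1 }  # later file overrides earlier
            if (sec == "DEFAULT") { def = v; has_def = 1 }  # fallback for every jail
        }
        END { if (has_own) print own; else if (has_def) print def }
    ' "$@"
}

# Returns 0 only when the files give the literal values this guide sets.
check_sshd_jail() {  # usage: check_sshd_jail FILE...
    local enabled bantime
    enabled=$(jail_setting sshd enabled "$@")
    bantime=$(jail_setting sshd bantime "$@")
    [ "$enabled" = "true" ] || { echo "FAIL: sshd jail not enabled (enabled='$enabled')"; return 1; }
    [ "$bantime" = "-1" ]   || { echo "FAIL: bantime is '$bantime', expected -1"; return 1; }
    echo "OK: sshd jail enabled, bantime = -1"
}

# Constructed sample files (not taken from a real system).
demo() {
    local d; d=$(mktemp -d)
    printf '[DEFAULT]\nbantime = 10m\n\n[sshd]\nenabled = false\n' > "$d/jail.conf"
    printf '[DEFAULT]\nbantime = -1\n\n[sshd]\nenabled = true\n'   > "$d/jail.local"
    check_sshd_jail "$d/jail.conf" "$d/jail.local"
    rm -rf "$d"
}
demo
```

On a real server the call would be check_sshd_jail /etc/fail2ban/jail.conf /etc/fail2ban/jail.local; it inspects the files only, so the running service still needs a restart to pick up changes.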