install fail2ban in ubuntu, centos

How to Install Fail2ban to Protect Apache Server

Fail2ban is a useful firewall & intrusion prevention framework that automatically detects and blocks brute force attacks on your servers. It analyzes server logs for such malicious attacks and blocks those IP addresses using IP tables. Here’s how to install Fail2ban on Ubuntu, CentOS systems.

How to Install Fail2ban to Protect Apache Server

Here are the steps to install Fail2ban for Apache web server.

1. Install Fail2ban


Open terminal and run the following commands to install Fail2ban in Ubuntu server.

$ sudo apt-get update 
$ sudo apt-get install fail2ban -y


Open terminal and run the following commands to install Fail2ban in CentOS server.

# sudo yum install -y epel-release
# sudo yum install -y fail2ban

Bonus Read : Top AWS Cost Optimization Best Practices

2. Restart Fail2ban

Restart Fail2ban to apply changes

$ sudo service fail2ban restart

Bonus Read : How to Install memcached in Apache

3. Check Fail2ban status

Run the following command to check Fail2ban status

$ sudo service fail2ban status
$ active(running)

Bonus Read : Top 5 Log Management Tools for Server Monitoring

4. Configure Fail2ban

Next, we will create a configuration file to customize it. Fail2ban will look for a file named jail.local and read its contents for configuration. However, this file doesn’t exist by default. So we will create it

$ sudo vi /etc/fail2ban/jail.local

Paste the following lines into this file.

 ignoreip = ::1 
 bantime = 3600 
 findtime = 600 
 maxretry = 5 
 enabled = true

Save and close the file.

In the above configuration, we instruct Fail2ban to ignore IP address that is localhost. In the remaining lines we specify different time limits in seconds. For example, if there are 5 re-attempts (maxretry=5) within 600 seconds(findtime=600), then those IP addresses should be banned for 3600 seconds (bantim=3600), that is, 1 hour. You can change these settings as per your requirement.

Restart Fail2ban to apply changes.

$ sudo service fail2ban restart

Hopefully, this article will help you protect your Apache Server and SSH from brute force attacks.