How I Use Fail2Ban on Ubuntu and Linux to Block Attackers Before They Get In | by Faruk Ahmed | May, 2025

Faruk @cyberwebpen

About: InfoSec Analyst | 10+ yrs in DLP, CrowdStrike, QRadar, Qualys, Linux Admin, WebLogic Admin | Python & Bash Enthusiast | Passionate about cybersecurity, automation, and continuous learning.


Publish Date: May 30


How I Use Fail2Ban on Ubuntu and Linux to Block Attackers Before They Get In


Intro:

Brute-force attacks are constant — especially on public-facing Linux servers. I’ve seen logs fill up with failed login attempts from bots scanning IP ranges 24/7. My go-to defense? Fail2Ban — a powerful tool that bans bad actors based on log patterns. In this post, I’ll walk you through how I use it on both Ubuntu and Linux to block attackers before they do damage.

1. Installing Fail2Ban

✅ Ubuntu:

sudo apt update
sudo apt install fail2ban

✅ Red Hat / CentOS:

sudo yum install epel-release
sudo yum install fail2ban

Then enable and start the service:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

2. Protecting SSH (Default Jail)

The default configuration already includes SSH protection. To customize it:

✅ Copy the config to jail.local, so your changes override jail.conf and survive package upgrades:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

✅ Then edit:

sudo nano /etc/fail2ban/jail.local
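Before changing maxretry and findtime in jail.local, it helps to see which addresses a given pair of values would catch in your own SSH log. The script below is an added example, not part of the original post: would_ban and sample_log are hypothetical helpers, the log lines are constructed, and the match pattern is a simplification of the log-pattern idea, not Fail2Ban's shipped sshd filter.

```bash
#!/usr/bin/env bash
# Added example; would_ban and sample_log are hypothetical helpers.
# The pattern is a simplification, not Fail2Ban's shipped sshd filter.

# Constructed auth.log lines (documentation-range addresses).
sample_log() {
  cat <<'EOF'
May 30 10:00:01 web1 sshd[1001]: Failed password for root from 203.0.113.7 port 40022 ssh2
May 30 10:00:03 web1 sshd[1001]: Failed password for root from 203.0.113.7 port 40022 ssh2
May 30 10:00:05 web1 sshd[1002]: Failed password for invalid user from from 203.0.113.7 port 40031 ssh2
May 30 10:01:00 web1 sshd[1003]: Accepted publickey for deploy from 192.0.2.10 port 51000 ssh2
May 30 10:02:00 web1 sshd[1004]: Failed password for invalid user test from 198.51.100.9 port 33000 ssh2
May 30 10:20:00 web1 sshd[1005]: Failed password for invalid user test from 198.51.100.9 port 33001 ssh2
May 30 10:40:00 web1 sshd[1006]: Failed password for invalid user test from 198.51.100.9 port 33002 ssh2
EOF
}

# Usage: would_ban MAXRETRY FINDTIME_SECONDS < auth.log
# Prints each IP once it reaches MAXRETRY failures inside FINDTIME seconds.
would_ban() {
  awk -v maxretry="$1" -v findtime="$2" '
    /sshd\[[0-9]+\]: Failed password for / {
      # Syslog timestamp "May 30 10:00:01" -> seconds (same month assumed)
      split($3, t, ":")
      now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
      # The username is chosen by the client, so take the LAST "from":
      # a user literally named "from" must not be read as the address.
      ip = ""
      for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
      if (ip == "" || banned[ip]) next
      n[ip]++
      ts[ip, n[ip]] = now
      # Slide the window start past failures older than findtime
      if (!(ip in first)) first[ip] = 1
      while (now - ts[ip, first[ip]] > findtime) first[ip]++
      if (n[ip] - first[ip] + 1 >= maxretry) { banned[ip] = 1; print ip }
    }'
}

# 3 failures within 10 minutes: only the fast burst qualifies.
sample_log | would_ban 3 600
```

Widening findtime to 3600 also catches the slow source at 198.51.100.9, which spaces its attempts about 20 minutes apart.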
