How to install and configure Fail2ban on Ubuntu 12.04 to Stop Brute Force Attacks

Fail2Ban is an intrusion prevention framework written in the Python programming language. It works by reading SSH, ProFTP, Apache logs etc.. and uses iptables profiles to block brute-force attempts.

Install Fail2ban:

Configure Fail2ban:

The original configuration file of fail2ban is /etc/fail2ban/jail.conf. We will create a local copy of configuration file.

Now we will edit the jail.local file as our requirement. In this article I will show you how to stop brute force attack to SSH.

Remove all configuration line and add the below lines to the file:

Save the file and restart the fail2ban service.

We can see the rules that fail2ban puts in effect within the IP table by issuing below command:

Now try to SSH to the instance with broken password and It will block you. Here is the test result for me

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS
The following two tabs change content below.

Tapas Mishra

Sr. Engineer (DevOps)
Loves to work on Opensource products. Having experience on Linux environment. Knowledge on Public cloud services like AWS, Rackspace, DigitalOcean, Linode. Please don't hesitate to give a comment on the posts. Your comments are my strength.

Leave a Reply