Fail2Ban is a powerful security tool for Linux servers. It monitors system logs, detects repeated failed login attempts (such as SSH brute-force attacks), and temporarily blocks the offending IPs using the firewall.
Requirements
- Root or sudo access.
- Active Internet connection to install packages.
- SSH port known (default 22).
Installing Fail2Ban by distribution
RHEL-based distributions (AlmaLinux / Rocky / CloudLinux / CentOS)
sudo dnf install -y fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Default authentication log path:
/var/log/secure
Debian and Ubuntu
sudo apt update
sudo apt install -y fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Default authentication log path:
/var/log/auth.log
Basic configuration (works on all systems)
- Copy the main configuration file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- Edit the local configuration file:
sudo nano /etc/fail2ban/jail.local
- Enable the SSH protection (Jail):
[sshd]
enabled = true
port = ssh
filter = sshd
# Keep comments on their own lines: a trailing "#" is read as part of the value.
# Ubuntu/Debian:
logpath = /var/log/auth.log
# AlmaLinux/RHEL/Rocky:
# logpath = /var/log/secure
maxretry = 5
findtime = 600
bantime = 600
Explanation of each configuration parameter
- [sshd]: Protection unit (Jail) that monitors SSH login attempts.
- enabled = true: Enables monitoring for this service.
- port = ssh: Specifies which port to monitor (default 22).
- filter = sshd: Uses the SSH filter file located in /etc/fail2ban/filter.d/sshd.conf.
- logpath: Path of the authentication log: /var/log/auth.log for Ubuntu/Debian, /var/log/secure for RHEL/AlmaLinux.
- maxretry = 5: Maximum failed attempts before ban.
- findtime = 600: Time window (seconds) during which failed attempts are counted (10 minutes).
- bantime = 600: Duration (seconds) of the temporary ban (10 minutes).
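How maxretry and findtime interact is easiest to see on log data. The following is an added example, not Fail2Ban's own code: a simplified model of the sliding-window count, run over a constructed log. The regular expression, function names, sample addresses and the assumed year are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

MAXRETRY, FINDTIME = 5, 600  # values from the [sshd] jail on this page

# Simplified pattern (assumption); the real sshd filter matches many more messages.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def parse(line, year=2024):
    """Return (timestamp, ip) for a failed-login line, or None for any other line."""
    m = FAILED.match(line)
    if not m:
        return None
    # Classic syslog timestamps carry no year, so one is assumed.
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def find_bans(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: time of the failure that reached maxretry within findtime}."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    bans = {}
    for line in lines:
        hit = parse(line)
        if hit is None or hit[1] in bans:
            continue
        ts, ip = hit
        window = recent[ip]
        window.append(ts)
        # Forget failures older than findtime seconds.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans

def _fail(clock, ip, user="root"):
    return f"Jan 10 {clock} host sshd[1234]: Failed password for {user} from {ip} port 50000 ssh2"

# Constructed sample log (documentation-range addresses), in chronological order.
SAMPLE_LOG = (
    [_fail(f"03:00:{s:02d}", "203.0.113.7") for s in (0, 10, 20, 30, 40)]   # 5 in 40 s
    + ["Jan 10 03:05:00 host sshd[1234]: Accepted password for alice from 192.0.2.4 port 50000 ssh2"]
    + [_fail(f"04:{m:02d}:00", "198.51.100.9", "invalid user admin") for m in (0, 4, 8, 12, 16)]
)

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"{ip} would be banned at {when:%H:%M:%S}")
```

The second address also fails five times, but spaced four minutes apart, so no 600-second window ever holds five failures and it is not banned; a slow attempt like this is only caught with a longer findtime.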
Tip: You can increase the ban duration to one hour by setting bantime = 3600.
- Restart Fail2Ban to apply the changes:
sudo systemctl restart fail2ban
Verifying the status
sudo fail2ban-client status
sudo fail2ban-client status sshd
Warning: Ensure that logpath matches your distribution, otherwise Fail2Ban will not detect failed attempts.
Common errors and solutions
- bash: nano: command not found
Fix: install nano
sudo dnf install nano -y # RHEL/AlmaLinux
sudo apt install nano -y # Ubuntu/Debian
- Failed to start fail2ban.service: Unit not found
Fix: update repositories and reload services
sudo dnf update -y # RHEL/AlmaLinux
sudo apt update # Ubuntu/Debian
sudo systemctl daemon-reload
sudo systemctl enable --now fail2ban
- No IPs are being banned:
Check that the logpath is correct for your distribution and restart the service.
Need help? If you face any issues during setup, don’t hesitate to contact our support team.