Back to blog
May 23, 2026Guides

How to Install and Configure Fail2ban on Linux

Protect your VPS from brute-force attacks by installing Fail2ban with SSH and Nginx jails.

How to Install and Configure Fail2ban on Linux

Fail2ban monitors log files and temporarily bans IP addresses that show malicious behavior — such as repeated failed SSH logins. It is one of the first security tools to install on a new Hiddence VPS.

Installing Fail2ban

bash
# Ubuntu / Debian
sudo apt update
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

# CentOS / RHEL / Alma / Rocky
sudo yum install epel-release -y
sudo yum install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Protect SSH

Create a local configuration file (never edit jail.conf directly):

bash
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
bantime = 3600
findtime = 600

sudo systemctl restart fail2ban

Protect Nginx (optional)

Ban IPs that trigger too many 404 or auth errors:

bash
[nginx-http-auth]
enabled = true
port = http,https
filter = nginx-http-auth
logpath = /var/log/nginx/error.log
maxretry = 5

[nginx-noscript]
enabled = true
port = http,https
filter = nginx-noscript
logpath = /var/log/nginx/access.log
maxretry = 6

Check banned IPs

bash
sudo fail2ban-client status
sudo fail2ban-client status sshd

# Unban an IP if needed:
sudo fail2ban-client set sshd unbanip 1.2.3.4

Best practices

  • Use SSH keys instead of passwords to reduce attack surface
  • Change default SSH port only together with firewall rules
  • Whitelist your office IP in fail2ban ignoreip if needed
  • Monitor /var/log/fail2ban.log regularly
  • Combine Fail2ban with UFW or Firewalld