News
Faster Speeds: Bandwidth for vStack Servers in Kazakhstan Increased to 200 Mbps
Log in Sign up
JH
Joe Harris
October 15 2020
Updated June 27 2025

How to Install and Configure Fail2ban on Ubuntu 20.04 for Server Security

Linux Security Ubuntu

Fail2ban is a powerful security tool designed to protect your server by monitoring open ports and running services for suspicious activity. It actively scans log files for repeated failed login attempts or other malicious behavior and automatically blocks the offending IP addresses by updating firewall rules for a specified period. This automated protection significantly reduces the risk of brute force attacks, unauthorized access, and other automated hacking attempts. In this tutorial, we will guide you step-by-step through the installation and configuration of Fail2ban on Ubuntu 20.04, helping you enhance your server’s security by customizing rules, managing jail configurations, and using the fail2ban-client utility.

Fail2ban installation

To install Fail2ban use this command:

apt install fail2ban

It starts automatically after installation. To check the service status use this command:

systemctl status fail2ban

Fail2ban configuration

To change the default ban settings for all services, make a copy of the jail.conf file.

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Open the jail.local file and go to the [DEFAULT] section. For example, let's set the ban time to 3600 minutes.

bantime = 3600m

To see all the available rules, go to the JAILS section. For example:

[nginx-http-auth]

After changing the file, restart the service.

systemctl restart fail2ban

Adding and configuring rules

There is a /etc/fail2ban/jail.d/ folder for managing active rules. You can create a separate file for each of them. For example, nginx-http-auth.conf. The second way is to insert configuration into the existing defaults-debian.conf file. Simply add these lines there:

[nginx-http-auth]
enabled = true

You can add individual parameters for each rule here.
Let's set the IP address to ignore in the ignoreip parameter, the time for the ban is 2400 minutes, and the number of failed authorization attempts is 10.

ignoreip = 10.10.10.5
bantime = 2400m
maxretry = 10

Save and close the file and restart the service.

systemctl restart fail2ban

Using fail2ban-client

There is a Fail2ban client for managing its rules. Keep in mind that all changes made here will be reset after the system reboot or service restart. To view active rules use this command:

fail2ban-client status

To see jail statistics use this command with the name you need instead of sshd:

fail2ban-client status sshd

To activate a rule, use its name from the configuration file and the command:

fail2ban-client add nginx-http-auth

Then start it.

fail2ban-client start nginx-http-auth

To view all available commands:

fail2ban-client -h

Conclusion

Fail2ban is an essential security tool that helps protect your Ubuntu 20.04 server from brute force attacks, unauthorized access, and other malicious activities by monitoring logs and dynamically updating firewall rules. By following this step-by-step tutorial, you have learned how to install Fail2ban, configure ban policies, customize jail rules, and manage the service using the fail2ban-client utility. Implementing Fail2ban strengthens your server’s defense by automating the blocking of suspicious IP addresses, thereby improving overall security and reducing manual intervention.

FAQ

  • Q1: Is Fail2ban installed by default on Ubuntu 20.04?
    Fail2ban is not installed by default but can be easily installed using the command apt install fail2ban.
  • Q2: How can I check if Fail2ban is running?
    Use systemctl status fail2ban to verify the service status.
  • Q3: Where are Fail2ban configuration files located?
    The main configuration files are in /etc/fail2ban/, including jail.conf and jail.local. Custom rules can also be placed in /etc/fail2ban/jail.d/.
  • Q4: How do I customize ban time and retry limits?
    Edit the [DEFAULT] section in jail.local or individual jail files to adjust parameters like bantime, maxretry, and ignoreip.
  • Q5: What is the purpose of fail2ban-client?
    fail2ban-client is a command-line tool to manage Fail2ban rules dynamically, check status, and control jails without editing config files directly.
  • Q6: Will changes made via fail2ban-client persist after reboot?
    No, changes applied via fail2ban-client are temporary and reset after service restart or system reboot. Permanent changes should be made in configuration files.
  • Q7: Can I create custom filters for other services?
    Yes, Fail2ban supports custom filters and jails to protect various services beyond SSH and Nginx, such as FTP, mail servers, and more.
Vote:
5 out of 5
Аverage rating : 5
Rated by: 1
1101 CT Amsterdam The Netherlands, Herikerbergweg 292
+31 20 262-58-98
700 300
ITGLOBAL.COM NL
700 300
Fail2ban installation
Fail2ban configuration
Adding and configuring rules
Using fail2ban-client
Conclusion
FAQ

Thanks! Please indicate the reason for the low rating so that we can improve the article

You might also like...

Customer’s choice

Boost Performance with Ubuntu VPS

Experience the speed and security of our Ubuntu 20.04 VPS service. Tailored to meet your business requirements

In this tutorial, we will do the initial server setup with Ubuntu 20.04: system update, user and SSH configuration, UFW, and time settings. The network is configured for them automatically during creation, so you don't need to worry about it.

Cloud Server vs. Dedicated Server: What to Choose for Your Startup?

What to choose for starting a project - a cloud server (VPS/VPC) or a dedicated server? Learn the advantages and features of Serverspace solutions: VPS rental, VPC creation, 24/7 support, unlimited traffic and high performance.

Create account

or sign up with

By signing up you agree to the Terms of Service.

We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.