In this tutorial, we will show you how to install Fail2ban on Fedora 38. For those of you who didn’t know, Fail2ban is a log-parsing application that scans log files for specific patterns and bans IP addresses that exhibit suspicious behavior. It works by monitoring system logs, such as authentication logs, and dynamically updates firewall rules to block malicious IP addresses. Fail2ban helps protect your system from brute-force attacks, DDoS attempts, and other malicious activities.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘
sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Fail2ban on a Fedora 38.
Features of Fail2ban
- Dynamic Firewall Rules: Fail2ban automatically updates firewall rules to block malicious IP addresses.
- Customizable Filters: You can create custom filters to detect specific patterns in log files.
- Flexible Actions: Fail2ban offers various actions to respond to detected threats, such as banning IP addresses, sending email notifications, or executing custom scripts.
- IP Whitelisting: You can whitelist trusted IP addresses to ensure they are not blocked.
- Logging and Reporting: Fail2ban provides detailed logs, allowing you to monitor and analyze detected threats
- A server running one of the following operating systems: Fedora 38.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for Fail2ban.
non-root sudo useror access to the
root user. We recommend acting as a
non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Fail2ban on Fedora 38
Step 1. Before we can install Fail2ban on Fedora 38, it’s important to ensure that our system is up-to-date with the latest packages. This will ensure that we have access to the latest features and bug fixes and that we can install Fail2ban without any issues:
sudo dnf upgrade --refresh
Step 2. Installing Fail2ban on Fedora 38.
By default, Fail2ban is available on Fedora 38 base repository. Installing Fail2ban on Fedora 38 is straightforward using the DNF package manager. Execute the following command in the terminal:
sudo dnf install fail2ban
Enter your password when prompted and wait for the installation to finish.
Step 3. Configuring Fail2ban.
Fail2ban’s main configuration file is located at
/etc/fail2ban/jail.conf. You can customize the configuration by creating an override file named
/etc/fail2ban/jail.local. Open the file using the nano text editor:
In this file, you can modify settings such as the ban time, log file paths, and email notifications. Save the changes and exit the text editor.
Step 4. Managing Fail2ban
- Basic Fail2ban Configuration
Fail2ban has several configuration options that you can modify to suit your needs. Some key configurations include:
bantime: Specifies the duration (in seconds) for which an IP address is banned. The default value is 600 seconds (10 minutes).
maxretry: Defines the maximum number of failed attempts allowed before an IP address is banned.
findtime: Sets the time window (in seconds) in which the
maxretrylimit is considered. If the number of failed attempts exceeds
maxretrywithin this time frame, the IP address is banned.
Make sure to restart Fail2ban after making any changes to the configuration:
sudo systemctl restart fail2ban
- Viewing Fail2ban Logs
Fail2ban keeps detailed logs of its activities, which can be helpful for monitoring and troubleshooting. The logs are stored in the directory
/var/log/fail2ban/. You can view the logs using the following command:
sudo tail -f /var/log/fail2ban.log
This command will display the latest log entries in real-time. Press Ctrl+C to exit the log viewer.
- Customizing Fail2ban Filters and Actions
Fail2ban provides pre-defined filters for common services, but you can also create custom filters to match specific log patterns. Custom filters are defined in separate files located in the
/etc/fail2ban/filter.d/ directory. You can create or modify filters using a text editor.
Additionally, Fail2ban supports various actions, such as banning IP addresses, sending email notifications, or executing custom scripts. You can customize these actions in the Fail2ban configuration file.
Step 5. Testing Fail2ban.
- Triggering a Ban
To test if Fail2ban is functioning correctly, you can intentionally trigger a ban by generating failed login attempts. For example, you can use SSH to simulate failed authentication by entering an incorrect password multiple times. After a certain number of failed attempts (as configured in Fail2ban), your IP address should be temporarily banned.
- Monitoring Banned IP Addresses
You can monitor the IP addresses that Fail2ban has banned using the following command:
sudo fail2ban-client status
This command will display information about the banned IP addresses and their associated jails.
Step 7. Fine-tuning Fail2ban.
- Adjusting Ban Time and Thresholds
The default ban time and threshold values may not be suitable for all scenarios. Depending on your specific requirements, you may need to adjust the ban time and thresholds to strike a balance between security and convenience. Experiment with different values to find the optimal configuration for your system.
- Whitelisting IP Addresses
Fail2ban allows you to whitelist specific IP addresses to ensure they are not mistakenly banned. You can add IP addresses to the whitelist by modifying the Fail2ban configuration file and adding them to the
Congratulations! You have successfully installed Fail2ban. Thanks for using this tutorial for installing Fail2ban on your Fedora 38 system. For additional help or useful information, we recommend you check the official Fail2ban website.