{"id":12804,"date":"2025-12-20T12:34:01","date_gmt":"2025-12-20T07:04:01","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=12804"},"modified":"2025-12-20T12:34:03","modified_gmt":"2025-12-20T07:04:03","slug":"how-to-configure-fail2ban-on-linux","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/how-to-configure-fail2ban-on-linux","title":{"rendered":"How to Configure Fail2ban on Linux Server &#8211; (Step-by-Step Guide 2026)"},"content":{"rendered":"\n<p><strong>To configure Fail2ban on a Linux server<\/strong>, install the package, create <code>\/etc\/fail2ban\/jail.local<\/code>, enable jails (for example, <code>sshd<\/code>) with <code>bantime<\/code>, <code>findtime<\/code>, <code>maxretry<\/code>, and the correct <code>logpath<\/code>, then restart and enable the service. Verify with <code>fail2ban-client<\/code>, test bans from a second host, and monitor <code>\/var\/log\/fail2ban.log<\/code>.<\/p>\n\n\n\n<p>Looking for a 2026-ready walkthrough on how to configure Fail2ban on a Linux server? This <a href=\"https:\/\/www.youstable.com\/blog\/install-nginx-on-linux\/\">step-by-step guide shows you how to install<\/a>, configure, test, and maintain Fail2ban to block brute-force attacks on SSH, Nginx\/Apache, and WordPress. We\u2019ll use best-practice settings, explain key options, and cover real-world troubleshooting from a hosting perspective.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-fail2ban-and-why-you-need-it\"><strong>What is Fail2ban and Why You Need it<\/strong>?<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"960\" height=\"960\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-67.png\" alt=\"Configure Fail2ban on Linux Server\" class=\"wp-image-12910\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-67.png 960w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-67-96x96.png 96w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-67-150x150.png 150w\" sizes=\"auto, (max-width: 960px) 100vw, 960px\" \/><\/figure>\n\n\n\n<p>Fail2ban is a log-parsing intrusion prevention tool. It monitors service logs (SSH, web server, mail, etc.) and automatically bans IPs that show malicious behavior\u2014typically via firewall rules (iptables\/nftables, UFW, or firewalld). It\u2019s lightweight, highly configurable, and a must-have for Internet-facing <a href=\"https:\/\/www.youstable.com\/blog\/install-mongodb-on-linux\/\">Linux servers<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"how-fail2ban-works\"><strong>How Fail2ban Works?<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Filters:<\/strong> Regular expressions that detect suspicious log entries.<\/li>\n\n\n\n<li><strong>Jails:<\/strong> Bind a filter to a service and action with thresholds (max retries within a time window).<\/li>\n\n\n\n<li><strong>Actions:<\/strong> What happens on a match\u2014usually add a firewall rule to drop traffic from the offending IP.<\/li>\n\n\n\n<li><strong>Backend:<\/strong> How logs are read (pyinotify\/polling\/systemd-journal).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites-and-supported-environments\"><strong>Prerequisites and Supported Environments<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A Linux server (Ubuntu\/Debian, Rocky\/AlmaLinux\/CentOS, Fedora, openSUSE).<\/li>\n\n\n\n<li>Root\/sudo access.<\/li>\n\n\n\n<li>OpenSSH or <a href=\"https:\/\/www.youstable.com\/blog\/web-servers-and-explaination\/\">web server<\/a> logs accessible.<\/li>\n\n\n\n<li>Firewall available: iptables\/nftables, UFW, or firewalld.<\/li>\n<\/ul>\n\n\n\n<p>Tip: On <a href=\"https:\/\/www.youstable.com\/blog\/tally-on-cloud-vs-local-installation\/\">cloud<\/a> providers (AWS, GCP, Azure), Fail2ban complements security groups\/firewalls\u2014it doesn\u2019t replace them.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"step-by-step-install-and-configure-fail2ban-2026\"><strong>Step-by-Step: Install and Configure Fail2ban (2026)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"1-install-fail2ban\"><strong>1) Install Fail2ban<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Ubuntu\/Debian\nsudo apt update\nsudo apt <a href=\"https:\/\/www.youstable.com\/blog\/install-fail2ban-on-linux\/\">install -y fail2ban<\/a>\n\n# Rocky\/AlmaLinux\/RHEL 8\/9 (EPEL required on some versions)\nsudo dnf install -y epel-release\nsudo dnf install -y fail2ban\n\n# Fedora\nsudo dnf install -y fail2ban\n\n# openSUSE\nsudo zypper install -y fail2ban<\/code><\/pre>\n\n\n\n<p>Enable the service at boot and start it:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl enable --now fail2ban\nsudo systemctl status fail2ban<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"2-create-jail-local-never-edit-jail-conf\"><strong>2) Create jail.local (Never edit jail.conf)<\/strong><\/h3>\n\n\n\n<p>Fail2ban ships with <code>\/etc\/fail2ban\/jail.conf<\/code> as a reference. Put your custom configuration in <code>\/etc\/fail2ban\/jail.local<\/code> so updates don\u2019t overwrite your changes.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local\nsudo nano \/etc\/fail2ban\/jail.local<\/code><\/pre>\n\n\n\n<p>Start with secure, beginner-friendly defaults:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;DEFAULT]\n# Who gets email alerts\ndestemail = admin@example.com\nsender = fail2ban@yourserver.example\nsendername = Fail2ban\n\n# Ban policy\nbantime = 1h\nfindtime = 15m\nmaxretry = 5\nbantime.increment = true\nbantime.factor = 1.5\nbantime.formula = bantime * (1 + failures \/ 2)\n\n# Trusted IPs (never banned)\nignoreip = 127.0.0.1\/8 ::1 10.0.0.0\/8 192.168.0.0\/16\n\n# Use systemd journal if available, else auto\nbackend = auto\n\n# Choose your firewall integration (set one globally or per jail)\nbanaction = iptables-multiport\n# Alternatives:\n# banaction = nftables-multiport\n# banaction = ufw\n# banaction = firewallcmd-multiport\n\naction = %(action_mwl)s\n# action_mw = ban + whois report\n# action_mwl = ban + whois + email loglines<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"3-enable-and-tune-the-ssh-jail\"><strong>3) Enable and Tune the SSH Jail<\/strong><\/h3>\n\n\n\n<p>SSH attacks are the most common. Enable the built-in <code>sshd<\/code> jail and set the correct log path for your distro.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;sshd]\nenabled = true\nport = ssh\nfilter = sshd\nlogpath = \/var\/log\/auth.log   ; Ubuntu\/Debian\n# logpath = \/var\/log\/secure   ; RHEL\/Rocky\/Alma\nmaxretry = 5\nfindtime = 15m\nbantime = 1h<\/code><\/pre>\n\n\n\n<p>Restart to apply:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart fail2ban\nsudo fail2ban-client status sshd<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"4-add-a-recidive-jail-catch-repeat-offenders\"><strong>4) Add a Recidive Jail (Catch Repeat Offenders)<\/strong><\/h3>\n\n\n\n<p>The recidive jail reads Fail2ban\u2019s own log and aggressively bans IPs that trigger multiple jails or repeated bans across time.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;recidive]\nenabled = true\nfilter = recidive\nlogpath = \/var\/log\/fail2ban.log\nbantime = 24h\nfindtime = 1d\nmaxretry = 5\nbanaction = %(banaction)s\naction = %(action_mwl)s<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"5-email-alerts-optional-but-recommended\"><strong>5) Email Alerts (Optional but Recommended)<\/strong><\/h3>\n\n\n\n<p>Ensure your server can send email (Postfix\/SSMTP\/API relays). The <code>action_mwl<\/code> sends a whois report and log excerpts. Adjust <code>destemail<\/code> and <code>sender<\/code> in [DEFAULT].<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"6-pick-the-right-firewall-backend\"><strong>6) Pick the Right Firewall Backend<\/strong><\/h3>\n\n\n\n<p>Fail2ban can talk to different firewalls. Use one that matches your setup:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>UFW (Ubuntu)<\/strong>: set <code>banaction = ufw<\/code>.<\/li>\n\n\n\n<li><strong>firewalld (RHEL\/Rocky\/Alma\/Fedora)<\/strong>: set <code>banaction = firewallcmd-multiport<\/code>.<\/li>\n\n\n\n<li><strong>iptables\/nftables<\/strong>: set <code>banaction = iptables-multiport<\/code> or <code>nftables-multiport<\/code>.<\/li>\n<\/ul>\n\n\n\n<p>Consistency matters\u2014don\u2019t mix multiple firewall tools unless you know the implications.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"protecting-web-servers-and-wordpress\"><strong>Protecting Web Servers and WordPress<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"nginx-basic-auth-and-401-floods\"><strong>Nginx Basic Auth and 401 Floods<\/strong><\/h3>\n\n\n\n<p>To block repeated 401s (bad passwords) against an admin area protected by Nginx basic authentication:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \/etc\/fail2ban\/jail.local\n&#91;nginx-http-auth]\nenabled = true\nfilter = nginx-http-auth\nport = http,https\nlogpath = \/var\/log\/nginx\/error.log\nmaxretry = 10\nfindtime = 10m\nbantime = 1h<\/code><\/pre>\n\n\n\n<p>Apache has a similar jail (<code>apache-auth<\/code>) using <code>\/var\/log\/apache2\/error.log<\/code> or <code>\/var\/log\/httpd\/error_log<\/code>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"wordpress-login-abuse-xml-rpc-and-wp-login-php\"><strong>WordPress Login Abuse (XML-RPC and wp-login.php)<\/strong><\/h3>\n\n\n\n<p>You can rate-limit wp-login.php and XML-RPC using web server rules, then let Fail2ban block persistent abusers. For Nginx access logs with HTTP 401\/403\/404 repeats:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \/etc\/fail2ban\/filter.d\/wp-hard-login.conf\n&#91;Definition]\nfailregex = ^&lt;HOST&gt; - .* \"(POST|GET) \/wp-login\\.php.*\" (401|403|429|404)\n            ^&lt;HOST&gt; - .* \"POST \/xmlrpc\\.php.*\" (401|403|429|404)\nignoreregex =<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code># \/etc\/fail2ban\/jail.local\n&#91;wp-hard-login]\nenabled = true\nfilter = wp-hard-login\nport = http,https\nlogpath = \/var\/log\/nginx\/access.log\nfindtime = 10m\nmaxretry = 20\nbantime = 2h<\/code><\/pre>\n\n\n\n<p>Adjust <code>failregex<\/code> to match your access log format. Always test with <code>fail2ban-regex<\/code> before enabling.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"testing-your-configuration\"><strong>Testing Your Configuration<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Dry-run your filters:<\/strong> <code>sudo fail2ban-regex \/var\/log\/auth.log \/etc\/fail2ban\/filter.d\/sshd.conf<\/code><\/li>\n\n\n\n<li><strong>Force failures from a different IP:<\/strong> Try 6\u20138 bad passwords over SSH; watch <code>sudo tail -f \/var\/log\/fail2ban.log<\/code>.<\/li>\n\n\n\n<li><strong>Check status:<\/strong> <code>sudo fail2ban-client status<\/code> and <code>sudo fail2ban-client status sshd<\/code>.<\/li>\n\n\n\n<li><strong>Unban quickly:<\/strong> <code>sudo fail2ban-client set sshd unbanip 203.0.113.10<\/code>.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"monitoring-and-maintenance\"><strong>Monitoring and Maintenance<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Review <code>\/var\/log\/fail2ban.log<\/code> weekly for noisy filters.<\/li>\n\n\n\n<li>Use persistent logging (systemd-journald or logrotate defaults).<\/li>\n\n\n\n<li>Audit <code>ignoreip<\/code> ranges regularly\u2014don\u2019t whitelist the world.<\/li>\n\n\n\n<li>Update packages quarterly to get new filters and bug fixes.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-common-issues\"><strong>Troubleshooting Common Issues<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>No bans happen:<\/strong> Wrong <code>logpath<\/code> or backend. Confirm the file exists and contains failures. Try <code>backend=systemd<\/code> if services log to the journal.<\/li>\n\n\n\n<li><strong>Conflicting firewall tools:<\/strong> Don\u2019t mix UFW and firewalld. Pick one <code>banaction<\/code>.<\/li>\n\n\n\n<li><strong>Custom log formats:<\/strong> Default filters may not match. Adapt <code>failregex<\/code> and validate with <code>fail2ban-regex<\/code>.<\/li>\n\n\n\n<li><strong>Bans don\u2019t persist:<\/strong> They should, but if a reboot clears rules, ensure Fail2ban starts early and your firewall saves rules.<\/li>\n\n\n\n<li><strong>False positives:<\/strong> Add trusted IPs to <code>ignoreip<\/code> and widen <code>maxretry<\/code>\/<code>findtime<\/code> for noisy apps.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"best-practice-settings-for-2026\"><strong>Best-Practice Settings for 2026<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Use incremental bans:<\/strong> <code>bantime.increment = true<\/code> to penalize repeat offenders progressively.<\/li>\n\n\n\n<li><strong>Set realistic thresholds:<\/strong> Common defaults: <code>maxretry=5<\/code>, <code>findtime=15m<\/code>, <code>bantime=1h<\/code>. Tighten gradually if you see abuse.<\/li>\n\n\n\n<li><strong>Leverage recidive:<\/strong> Essential on public servers to stop rotating attacks.<\/li>\n\n\n\n<li><strong>Per-service tuning:<\/strong> Web jails often need higher <code>maxretry<\/code> than SSH to avoid catching legitimate traffic.<\/li>\n\n\n\n<li><strong>Harden SSH:<\/strong> Change the port, disable password auth, and use keys. Fail2ban is a layer, not the only control.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"security-hardening-checklist-beyond-fail2ban\"><strong>Security Hardening Checklist (Beyond Fail2ban)<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enforce <a href=\"https:\/\/www.youstable.com\/blog\/how-to-add-ssh-keys-to-github-account\/\">SSH keys<\/a>, disable root SSH login.<\/li>\n\n\n\n<li>Use a host firewall with default-deny inbound.<\/li>\n\n\n\n<li>Keep OS and services patched via unattended upgrades or automation.<\/li>\n\n\n\n<li>Enable 2FA on <a href=\"https:\/\/www.youstable.com\/blog\/control-panel\/\">control panels<\/a> and dashboards.<\/li>\n\n\n\n<li>Back up configs and logs to off-server storage.<\/li>\n<\/ul>\n\n\n\n<p>Prefer turnkey security? YouStable\u2019s managed servers ship with hardened SSH, curated Fail2ban policies, web server rate limits, and continuous monitoring\u2014so you can focus on your apps, not the noise. Speak with our team to tailor jails to your stack.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"advanced-useful-fail2ban-commands\"><strong>Advanced: Useful Fail2ban Commands<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># Global status\nsudo fail2ban-client status\n\n# Status of a single jail\nsudo fail2ban-client status sshd\n\n# Ban or unban an IP manually\nsudo fail2ban-client set sshd banip 203.0.113.10\nsudo fail2ban-client set sshd unbanip 203.0.113.10\n\n# Reload config without dropping existing bans\nsudo fail2ban-client reload\n\n# Test a filter against a log\nsudo fail2ban-regex \/var\/log\/nginx\/access.log \/etc\/fail2ban\/filter.d\/nginx-http-auth.conf<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"real-world-example-minimal-safe-ssh-only-setup\"><strong>Real-World Example: Minimal, Safe SSH-Only Setup<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;DEFAULT]\nbantime = 1h\nfindtime = 10m\nmaxretry = 5\nbantime.increment = true\nignoreip = 127.0.0.1\/8 ::1\n\n&#91;sshd]\nenabled = true\nport = ssh\nfilter = sshd\nlogpath = \/var\/log\/auth.log\n# For RHEL\/Rocky\/Alma use: \/var\/log\/secure<\/code><\/pre>\n\n\n\n<p>This configuration blocks common SSH brute-force bursts while avoiding false positives. Expand with recidive and web jails as your exposure grows.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs-fail2ban-configuration-on-linux\"><strong>FAQs: Fail2ban Configuration on Linux<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765607952422\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"does-fail2ban-work-with-ufw-or-firewalld\"><strong>Does Fail2ban work with UFW or firewalld?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. Set <code>banaction = ufw<\/code> for UFW or <code>banaction = firewallcmd-multiport<\/code> for firewalld. The default iptables\/nftables actions also work if those are your primary firewalls. Avoid running multiple firewall managers simultaneously.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765607965734\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-unban-an-ip-quickly\"><strong>How do I unban an IP quickly?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Run <code>sudo fail2ban-client set &lt;jail&gt; unbanip &lt;IP&gt;<\/code>. For example: <code>sudo fail2ban-client set sshd unbanip 203.0.113.10<\/code>. You can check current bans with <code>sudo fail2ban-client status sshd<\/code>.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765607975585\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"where-should-i-put-my-custom-settings\"><strong>Where should I put my custom settings?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Always put changes in <code>\/etc\/fail2ban\/jail.local<\/code> (or files under <code>jail.d\/<\/code>). Don\u2019t edit <code>jail.conf<\/code>, as it is overwritten by package updates.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765607980801\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"what-are-safe-bantime-and-maxretry-values\"><strong>What are safe bantime and maxretry values?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Good starting points are <code>bantime=1h<\/code>, <code>findtime=10\u201315m<\/code>, <code>maxretry=5<\/code>. Use <code>bantime.increment=true<\/code> to escalate for repeat offenders. For web apps, increase <code>maxretry<\/code> to avoid blocking legitimate users.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765607998728\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"fail2ban-vs-a-waf-do-i-need-both\"><strong>Fail2ban vs. a WAF\u2014do I need both?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>They\u2019re complementary. Fail2ban blocks abusive IPs based on log patterns; a WAF inspects HTTP requests in real time. Use Fail2ban for brute-force and scan suppression, and a WAF\/CDN (e.g., ModSecurity\/Cloudflare) for application-layer threats.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"wrap-up-and-next-steps\"><strong>Wrap-Up and Next Steps<\/strong><\/h2>\n\n\n\n<p>Now you know how to configure Fail2ban on a <a href=\"https:\/\/www.youstable.com\/blog\/install-yum-on-linux\/\">Linux server:<\/a> install it, create jail.local, enable critical jails, test thoroughly, and monitor logs. Keep thresholds realistic, enable recidive, and match your firewall backend. <\/p>\n\n\n\n<p>Need a pre-hardened stack? YouStable can provision servers with best-practice Fail2ban policies from day one.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To configure Fail2ban on a Linux server, install the package, create \/etc\/fail2ban\/jail.local, enable jails (for example, sshd) with bantime, findtime, [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":15627,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"iawp_total_views":8,"footnotes":""},"categories":[350],"tags":[],"class_list":["post-12804","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Configure-Fail2ban-on-Linux-Server.jpg","author_info":{"display_name":"Prahlad Prajapati","author_link":"https:\/\/www.youstable.com\/blog\/author\/prahladblog"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12804","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=12804"}],"version-history":[{"count":5,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12804\/revisions"}],"predecessor-version":[{"id":15629,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12804\/revisions\/15629"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/15627"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=12804"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=12804"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=12804"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}