{"id":14198,"date":"2025-12-30T11:05:06","date_gmt":"2025-12-30T05:35:06","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=14198"},"modified":"2025-12-30T11:05:08","modified_gmt":"2025-12-30T05:35:08","slug":"create-fail2ban-on-linux","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/create-fail2ban-on-linux","title":{"rendered":"How to Create Fail2ban on Linux Server in 2026? &#8211; Easy Guide"},"content":{"rendered":"\n<p><strong>To create Fail2ban on a Linux server<\/strong>, install the package, enable the service, and configure jails to watch logs and ban abusive IPs via your firewall. Copy jail.conf to jail.local, set bantime, findtime, maxretry, and enable service specific jails like SSH.<\/p>\n\n\n\n<p>Verify with fail2ban client status and monitor \/var\/log\/fail2ban.log. If you\u2019re wondering how to create Fail2ban on a Linux server, this guide walks you through installation, configuration, testing, and best practices.<\/p>\n\n\n\n<p>We\u2019ll set up jails for SSH and web services, choose the right firewall backend <strong>(UFW, firewalld, iptables, or nftables)<\/strong>, and harden your server against brute-force attacks without breaking legitimate access.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-fail2ban-and-why-you-need-it\"><strong>What is Fail2ban and Why You Need it<\/strong>?<\/h2>\n\n\n\n<p>Fail2ban is a lightweight intrusion-prevention tool that reads authentication and service logs to detect malicious behavior (like repeated login failures) and automatically bans the offending IPs using your firewall. It\u2019s a must-have for public-facing Linux servers to reduce SSH, FTP, SMTP, and web brute-force attempts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites\"><strong>Prerequisites<\/strong><\/h2>\n\n\n\n<p><strong>Before you start, ensure:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Root or sudo access over SSH<\/li>\n\n\n\n<li>A configured firewall (UFW, firewalld, iptables, or nftables)<\/li>\n\n\n\n<li>Accurate server time (NTP) to ensure correct log timestamps<\/li>\n\n\n\n<li>Log files available or systemd journal enabled for your services<\/li>\n<\/ul>\n\n\n\n<p><strong>Tip:<\/strong> Whitelist your management IP before enabling aggressive bans to avoid locking yourself out.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-fail2ban-on-popular-linux-distributions\"><strong>Install Fail2ban on Popular Linux Distributions<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"debian-ubuntu-including-ubuntu-server-22-04plus\"><strong>Debian\/Ubuntu (including Ubuntu Server 22.04+)<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update\nsudo apt install -y fail2ban\nsudo systemctl enable --now fail2ban<\/code><\/pre>\n\n\n\n<p><strong>Default SSH log:<\/strong> <code>\/var\/log\/auth.log<\/code>. Modern Ubuntu often uses nftables under the hood (even with UFW).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"rhel-almalinux-rocky-linux-8-9\"><strong>RHEL\/AlmaLinux\/Rocky Linux 8\/9<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo dnf install -y epel-release\nsudo dnf install -y fail2ban fail2ban-firewalld\nsudo systemctl enable --now fail2ban<\/code><\/pre>\n\n\n\n<p><strong>Default SSH log: <\/strong><code>\/var\/log\/secure<\/code>. firewalld is the default firewall on these platforms.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"fedora\"><strong>Fedora<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo dnf install -y fail2ban fail2ban-firewalld\nsudo systemctl enable --now fail2ban<\/code><\/pre>\n\n\n\n<p>Fedora uses systemd journals heavily; Fail2ban can read from the journal instead of flat log files.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"opensuse-leap-tumbleweed\"><strong>openSUSE Leap\/Tumbleweed<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo zypper refresh\nsudo zypper install -y fail2ban\nsudo systemctl enable --now fail2ban<\/code><\/pre>\n\n\n\n<p><strong>Verify the service status after installation:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl status fail2ban<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"core-concepts-filters-jails-and-actions\"><strong>Core Concepts: Filters, Jails, and Actions<\/strong><\/h2>\n\n\n\n<p><strong>Fail2ban uses:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Filters: <\/strong>Regex patterns that detect malicious events in logs (in <code>\/etc\/fail2ban\/filter.d\/<\/code>).<\/li>\n\n\n\n<li><strong>Jails: <\/strong>Bind a filter to a log source and firewall \u201caction\u201d.<\/li>\n\n\n\n<li><strong>Actions:<\/strong> How the ban is applied (iptables, nftables, UFW, or firewalld).<\/li>\n<\/ul>\n\n\n\n<p>We\u2019ll configure jails in a local override file so updates won\u2019t overwrite your changes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"configure-fail2ban-recommended-defaults\"><strong>Configure Fail2ban (Recommended Defaults)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"create-jail-local-and-set-global-defaults\"><strong>Create jail.local and Set Global Defaults<\/strong><\/h3>\n\n\n\n<p>Copy the stock config and edit the local file:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local\nsudo nano \/etc\/fail2ban\/jail.local<\/code><\/pre>\n\n\n\n<p>Add or adjust defaults under the <code>[DEFAULT]<\/code> section. The example below works well on modern systems:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;DEFAULT]\n# Ban settings\nbantime = 1h\nfindtime = 10m\nmaxretry = 5\n\n# Whitelist your trusted IPs\/subnets\nignoreip = 127.0.0.1\/8 ::1\n\n# Backend: use systemd journal when available\nbackend = systemd\n\n# Choose an action matching your firewall stack:\n# For firewalld:\nbanaction = firewallcmd-rich-rules\n\n# For iptables (legacy):\n# banaction = iptables-multiport\n\n# For nftables (modern distros):\n# banaction = nftables-multiport\n\n# For UFW (Ubuntu):\n# action = ufw\n\n# Log level and target\nloglevel = INFO\nlogtarget = \/var\/log\/fail2ban.log<\/code><\/pre>\n\n\n\n<p><strong>Notes:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <code>bantime = 1h<\/code> or higher; increase for persistent abuse.<\/li>\n\n\n\n<li>With firewalld, ensure the <code>fail2ban-firewalld<\/code> package is installed on RHEL\/Fedora.<\/li>\n\n\n\n<li>If you rely on UFW, set <code>action = ufw<\/code> in the jail rather than <code>banaction<\/code>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"enable-and-tune-the-ssh-jail\"><strong>Enable and Tune the SSH Jail<\/strong><\/h3>\n\n\n\n<p>Append this to <code>\/etc\/fail2ban\/jail.local<\/code>. Adjust logpath to your distro.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;sshd]\nenabled = true\nport = ssh\n# For systemd journal-aware setups:\nbackend = systemd\nlogpath = %(sshd_log)s\nmaxretry = 5\nfindtime = 10m\nbantime = 1h\n\n# Optional: Protect SSH with an incremental ban\n# requires Fail2ban 0.11+:\n# bantime.increment = true\n# bantime.factor = 1.5\n# bantime.formula = bantime * (1 + (failures \/ 6))<\/code><\/pre>\n\n\n\n<p><strong>Common log locations:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Debian\/Ubuntu:<\/strong> <code>\/var\/log\/auth.log<\/code><\/li>\n\n\n\n<li><strong>RHEL\/CentOS\/Alma\/Rocky:<\/strong> <code>\/var\/log\/secure<\/code><\/li>\n\n\n\n<li>Journal backend: use <code>backend = systemd<\/code> and <code>logpath = journal<\/code> or <code>%(sshd_log)s<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"optional-protect-web-and-mail-services\"><strong>Optional: Protect Web and Mail Services<\/strong><\/h3>\n\n\n\n<p>Enable built-in jails for common services if you run them:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;nginx-http-auth]\nenabled = true\n\n&#91;nginx-botsearch]\nenabled = true\n\n&#91;apache-auth]\nenabled = true\n\n&#91;postfix]\nenabled = true\n\n&#91;dovecot]\nenabled = true<\/code><\/pre>\n\n\n\n<p>Ensure the corresponding logs exist (e.g., <code>\/var\/log\/nginx\/error.log<\/code>, <code>\/var\/log\/maillog<\/code> or journal). Some distributions ship service-specific filters in <code>\/etc\/fail2ban\/filter.d\/<\/code>; enable only what you actually run to avoid false positives.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"optional-recidive-jail-for-repeat-offenders\"><strong>Optional: Recidive Jail for Repeat Offenders<\/strong><\/h3>\n\n\n\n<p>The \u201crecidive\u201d jail escalates bans for IPs that trip multiple jails across time.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;recidive]\nenabled = true\nlogpath = \/var\/log\/fail2ban.log\nbantime = 1w\nfindtime = 1d\nmaxretry = 5<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"apply-verify-and-monitor\"><strong>Apply, Verify, and Monitor<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"restart-and-enable-on-boot\"><strong>Restart and Enable on Boot<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart fail2ban\nsudo systemctl enable fail2ban<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"check-jail-status\"><strong>Check Jail Status<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo fail2ban-client status\nsudo fail2ban-client status sshd<\/code><\/pre>\n\n\n\n<p>The second command shows the number of currently banned IPs and the jail\u2019s configuration.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"monitor-logs-and-test\"><strong>Monitor Logs and Test<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo tail -f \/var\/log\/fail2ban.log<\/code><\/pre>\n\n\n\n<p>From a separate machine, attempt a few failed SSH logins, then watch Fail2ban ban that IP. Always keep one whitelisted admin session open during testing to prevent lockouts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"choosing-the-right-firewall-backend\"><strong>Choosing the Right Firewall Backend<\/strong><\/h2>\n\n\n\n<p>Match Fail2ban\u2019s action with your firewall to avoid conflicts and ensure IPv4\/IPv6 coverage:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>UFW (Ubuntu):<\/strong> Use <code>action = ufw<\/code> in jails. UFW typically manages nftables behind the scenes.<\/li>\n\n\n\n<li><strong>firewalld (RHEL\/Fedora):<\/strong> Use <code>banaction = firewallcmd-rich-rules<\/code>. Ensure <code>fail2ban-firewalld<\/code> is installed.<\/li>\n\n\n\n<li><strong>nftables (modern distros):<\/strong> Use <code>banaction = nftables-multiport<\/code>.<\/li>\n\n\n\n<li><strong>iptables (legacy):<\/strong> Use <code>banaction = iptables-multiport<\/code> or <code>iptables-allports<\/code> if you need broad bans.<\/li>\n<\/ul>\n\n\n\n<p><strong>Consistency matters:<\/strong> don\u2019t mix direct iptables rules with firewalld\/UFW unless you know the implications, or rules may be overwritten or misapplied.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"security-best-practices-and-real-world-tips\"><strong>Security Best Practices and Real-World Tips<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Whitelist your office\/VPN IPs with <code>ignoreip<\/code> to reduce lockout risk.<\/li>\n\n\n\n<li>Change default SSH port and disable password authentication in favor of SSH keys for stronger security.<\/li>\n\n\n\n<li>Use incremental bans (<code>bantime.increment<\/code>) to discourage persistent attackers.<\/li>\n\n\n\n<li>Enable only relevant jails; overly broad filters can cause false positives.<\/li>\n\n\n\n<li>Monitor for 7\u201314 days and adjust <code>maxretry<\/code>, <code>bantime<\/code>, and <code>findtime<\/code> based on observed traffic.<\/li>\n\n\n\n<li>Back up <code>\/etc\/fail2ban\/<\/code> regularly; treat it as part of your server\u2019s security baseline.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-common-issues\"><strong>Troubleshooting Common Issues<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>No bans applied:<\/strong> Check <code>sudo fail2ban-client status<\/code> and ensure the jail is <em>enabled<\/em>. Verify the logpath and backend (journal vs file).<\/li>\n\n\n\n<li><strong>Wrong logpath:<\/strong> On RHEL-family, SSH auth logs are in <code>\/var\/log\/secure<\/code>; Debian\/Ubuntu use <code>\/var\/log\/auth.log<\/code>.<\/li>\n\n\n\n<li><strong>Firewall conflicts:<\/strong> If using firewalld or UFW, avoid raw iptables actions; choose the matching <code>banaction<\/code>\/<code>action<\/code>.<\/li>\n\n\n\n<li><strong>SELinux:<\/strong> If logs are not readable, adjust contexts or use the systemd backend. Check <code>audit.log<\/code> for denials.<\/li>\n\n\n\n<li><strong>IPv6 not banned:<\/strong> Ensure your action supports IPv6 (nftables, firewalld, or appropriate iptables v6 actions).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"essential-commands-cheat-sheet\"><strong>Essential Commands Cheat Sheet<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># Service control\nsudo systemctl status fail2ban\nsudo systemctl restart fail2ban\n\n# List jails and get status\nsudo fail2ban-client status\nsudo fail2ban-client status sshd\n\n# Unban a specific IP\nsudo fail2ban-client set sshd unbanip 203.0.113.25\n\n# Manually ban a specific IP\nsudo fail2ban-client set sshd banip 203.0.113.25\n\n# Test your regex (replace filter and log accordingly)\nsudo fail2ban-regex \/var\/log\/auth.log \/etc\/fail2ban\/filter.d\/sshd.conf<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"managed-option-let-experts-handle-fail2ban\"><strong>Managed Option: Let Experts Handle Fail2ban<\/strong><\/h2>\n\n\n\n<p>Don\u2019t want to babysit firewall rules and jails? With <a href=\"https:\/\/www.youstable.com\/blog\/benefits-of-fully-managed-dedicated-server\/\">YouStable\u2019s managed VPS and dedicated servers<\/a>, our engineers deploy, tune, and monitor Fail2ban alongside UFW\/firewalld, harden SSH, and add proactive security layers. It\u2019s the fastest route to a locked-down server without DIY risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"step-by-step-example-end-to-end-setup-ubuntu\"><strong>Step-by-Step Example: End-to-End Setup (Ubuntu)<\/strong><\/h2>\n\n\n\n<p>This quick sequence illustrates everything in one go for a typical Ubuntu server:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># 1) <a href=\"https:\/\/www.youstable.com\/blog\/install-fail2ban-on-linux\/\">Install Fail2ban<\/a>\nsudo apt update &amp;&amp; sudo apt install -y fail2ban\n\n# 2) Create local config\nsudo cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local\n\n# 3) Edit jail.local (set defaults + SSH jail)\nsudo nano \/etc\/fail2ban\/jail.local\n# &#91;DEFAULT]: bantime=1h, findtime=10m, maxretry=5, backend=systemd, action=ufw or nftables-multiport\n# &#91;sshd]: enabled=true, logpath=%(sshd_log)s\n\n# 4) Enable and restart\nsudo systemctl enable --now fail2ban\nsudo systemctl restart fail2ban\n\n# 5) Verify\nsudo fail2ban-client status\nsudo fail2ban-client status sshd\nsudo tail -f \/var\/log\/fail2ban.log<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\"><strong>FAQ&#8217;s<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765952308888\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"1-does-fail2ban-work-with-ufw-or-firewalld\">1. <strong>Does Fail2ban work with UFW or firewalld?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. With UFW, use <code>action = ufw<\/code> in your jail configuration. With firewalld, use <code>banaction = firewallcmd-rich-rules<\/code> and install <code>fail2ban-firewalld<\/code>. Pick one firewall stack and stay consistent to avoid conflicts.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765952324950\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"2-how-do-i-unban-an-ip-in-fail2ban\">2. <strong>How do I unban an IP in Fail2ban?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Run <code>sudo fail2ban-client status<\/code> to find the jail name, then unban with <code>sudo fail2ban-client set &lt;jail&gt; unbanip &lt;IP&gt;<\/code>. Example: <code>sudo fail2ban-client set sshd unbanip 198.51.100.7<\/code>.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765952332615\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"3-which-services-should-i-protect-with-fail2ban\">3. <strong>Which services should I protect with Fail2ban?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Start with SSH, then add web (Nginx\/Apache auth and botsearch), mail (Postfix, Dovecot), FTP\/SFTP, and control panels. Enable only the jails for services you actually run to limit false positives.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765952341442\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"4-whats-the-difference-between-bantime-and-findtime\">4. <strong>What\u2019s the difference between bantime and findtime?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>findtime is the window to count failures (e.g., 10 minutes). If an IP exceeds maxretry within findtime, Fail2ban bans it for bantime (e.g., 1 hour). Use incremental bantime for stronger deterrence against repeat offenders.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765952348523\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"5-can-fail2ban-use-nftables-on-modern-linux\">5. <strong>Can Fail2ban use nftables on modern Linux?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. Use <code>banaction = nftables-multiport<\/code> or an nftables-compatible action. On Ubuntu 22.04+ and RHEL 9+, nftables is common. Ensure your distro\u2019s Fail2ban version includes nftables actions (0.11+ typically does).<\/p>\n<p>With the above steps, you\u2019ve learned how to create Fail2ban on a Linux server, select the right firewall backend, and harden critical services. Keep monitoring and refining your jails, and consider YouStable\u2019s managed hosting if you prefer expert-led server security.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>To create Fail2ban on a Linux server, install the package, enable the service, and configure jails to watch logs and [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":16684,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-14198","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Create-Fail2ban-on-Linux-Server.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14198","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=14198"}],"version-history":[{"count":6,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14198\/revisions"}],"predecessor-version":[{"id":16686,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14198\/revisions\/16686"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/16684"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=14198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=14198"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=14198"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}