Installing and Configuring Fail2ban

Installing and Configuring Fail2ban

Fail2ban monitors log files and automatically bans IP addresses that show malicious behavior. Install it and configure it to protect a web server:

# Install Fail2ban from the distribution's package repositories (apt-based systems)
sudo apt install fail2ban

# Create local configuration
# Fail2ban reads jail.local after jail.conf, so values set in jail.local take
# precedence, and a package upgrade that replaces jail.conf leaves them intact.
# The copy already contains [DEFAULT], [sshd] and the stock apache-*/nginx-*
# sections: edit those entries in place rather than adding a second section
# with the same name.
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

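Edit /etc/fail2ban/jail.local with web server-specific settings. Enable only the jails for services that are actually installed; an enabled jail whose log file is missing can stop Fail2ban from starting: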

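[DEFAULT]
# Ban duration and retry settings
# bantime and findtime are in seconds: an address that matches maxretry times
# within findtime (10 minutes) is banned for bantime (1 hour).
bantime = 3600
findtime = 600
maxretry = 5
# "auto" selects a file-based backend, so the logpath entries of the Apache and
# nginx jails are actually read. The systemd backend reads the journal and does
# not use logpath, so it is set only on jails whose service logs to the journal.
backend = auto

# Email notifications
# Placeholder address (the original was lost to e-mail obfuscation on the page);
# replace it with a mailbox that is actually monitored.
destemail = admin@example.com
sendername = Fail2Ban
mta = sendmail
# action_mwl bans the address and mails a report with whois data and the
# matching log lines. It needs a working local MTA, and the mail carries raw
# log excerpts.
action = %(action_mwl)s

# Whitelist your IPs
# Addresses listed here are never banned, so keep the list as narrow as possible.
# 203.0.113.0/24 is a documentation-only range: replace it with your own
# management address(es).
ignoreip = 127.0.0.1/8 ::1 203.0.113.0/24

# SSH brute-force protection: 3 failures within findtime, 2-hour ban.
[sshd]
enabled = true
port = ssh
# sshd logs to the journal on most systemd-based distributions; with this
# backend the logpath line below is not used.
backend = systemd
logpath = %(sshd_log)s
maxretry = 3
bantime = 7200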

# Bans clients that repeatedly fail HTTP authentication, as recorded in the
# Apache error log. logpath is only read by a file-based backend (auto,
# pyinotify, polling); under backend = systemd it is not used, and this jail
# would then never see the Apache log file.
[apache-auth]
enabled = true
port = http,https
logpath = %(apache_error_log)s
# 3 failures within findtime trigger a 1-hour ban
maxretry = 3
bantime = 3600

# Matches access-log requests whose User-Agent is on the filter's list of known
# bad bots. The User-Agent header is client-controlled, so this only catches
# crawlers that identify themselves.
[apache-badbots]
enabled = true
port = http,https
logpath = %(apache_access_log)s
# 24-hour ban after 2 matching requests
bantime = 86400
maxretry = 2

# Bans clients probing for scripts that do not exist on the site, based on the
# corresponding Apache error-log entries. bantime is not set here, so the
# [DEFAULT] value applies.
[apache-noscript]
enabled = true
port = http,https
logpath = %(apache_error_log)s
maxretry = 5

# Bans clients whose over-long or malformed requests are rejected by Apache and
# logged in the error log. bantime is inherited from [DEFAULT].
[apache-overflows]
enabled = true
port = http,https
logpath = %(apache_error_log)s
maxretry = 2

# Bans clients requesting per-user home directories (/~user/) that do not exist.
# Only useful when the site does not serve user directories. bantime is
# inherited from [DEFAULT].
[apache-nohome]
enabled = true
port = http,https
logpath = %(apache_error_log)s
maxretry = 3

# Bans clients that repeatedly fail HTTP basic authentication, as recorded in
# the nginx error log. logpath requires a file-based backend; it is not used
# under backend = systemd. bantime is inherited from [DEFAULT].
[nginx-http-auth]
enabled = true
port = http,https
logpath = %(nginx_error_log)s
maxretry = 3

# NOTE(review): stock Fail2ban does not appear to ship a filter named
# nginx-noscript. With no "filter =" line the jail looks for
# /etc/fail2ban/filter.d/nginx-noscript.conf; create and test that filter first
# (it is not shown in this part of the page) or leave the jail disabled.
[nginx-noscript]
enabled = true
port = http,https
logpath = %(nginx_access_log)s
maxretry = 5

# NOTE(review): nginx-badbots does not appear to be a stock filter either; the
# jail needs /etc/fail2ban/filter.d/nginx-badbots.conf to exist before it is
# enabled. Matching on User-Agent only catches bots that identify themselves.
[nginx-badbots]
enabled = true
port = http,https
logpath = %(nginx_access_log)s
maxretry = 2

# NOTE(review): nginx-noproxy also appears to rely on a custom filter
# (/etc/fail2ban/filter.d/nginx-noproxy.conf) that is not shown in this part of
# the page. Confirm that the filter exists and check its regex against the real
# access log before enabling the jail.
[nginx-noproxy]
enabled = true
port = http,https
logpath = %(nginx_access_log)s
maxretry = 2