by 
To install Fail2ban on an Ubuntu server, use these steps:
- Open Terminal on Ubuntu.
Also, read How to install letsencrypt for reverse proxy in Ubuntu.
- Type the following command to confirm whether fail2ban is already installed and press Enter:
fail2ban-regex -V
Quick note: If the command outputs a version number, the app is already installed. You can also check if the “fail2ban” directory exists in the “etc” directory. - Type the following command to check that the local package index is up to date and press Enter:
sudo apt update
- Type the following command to install Fail2ban on the Ubuntu server and press Enter:
sudo apt install fail2ban
- Type “Y” and press Enter to continue.
- Type the following command to check the app status and press Enter:
sudo systemctl status fail2ban
- Type the following command to allow Fail2ban to start automatically on the startup of the server and press Enter:
sudo systemctl enable fail2ban
- Type the following command to start the Fail2ban services and press Enter:
sudo systemctl start fail2ban
- Type the following command to confirm the security app is running and press Enter:
sudo systemctl status fail2ban
- Type the following command to check the jails that are currently running on the server and press Enter:
sudo fail2ban-client status
Once you complete the steps, the Fail2ban security app should be up and running on your Ubuntu server with the default configurations, which includes the “sshd” jail that protects the SSH connections to the server.
FAQ
Does Fail2ban use a configuration, and where is it located?
The intrusion prevention app works with the “jail.conf” configuration file in the /etc/fail2ban directory. If you plan to modify the default configuration, it’s recommended to make a copy of the “jail.conf” file using the sudo cp jail.conf jail.local command since modifying the “.conf” file can eventually be overwritten when the app receives an update.
Where are the Fail2ban jails located?
The working jails are available in the /etc/fail2ban/jail.d directory. Inside the folder, you’re likely to find the “default-debian.conf” file that enables the “sshd” jail by default.
How to reload the jails after making configuration changes?
If you make changes to the jail configuration, you can use the sudo fail2ban-client reload command to reload and activate the jails.
How to restart Fail2ban on Ubuntu?
To restart the Fail2ban services, use the sudo systemctl restart fail2ban command.
How to stop Fail2ban on Ubuntu?
To stop Fail2ban on the server, use the sudo systemctl stop fail2ban command.
How to view the jails running on Fail2ban?
To see the jails running on the server, use the sudo fail2ban-client status command. On the other hand, you can also use the fail2ban-client status sshd command to view the status of a specific jail (in this case, the “sshd” jail.)
How to unban an IP address blocked by Fail2ban?
To unban an IP address, use the fail2ban-client set wordpress-soft unbanip 10.1.4.159 command. In the command, change “wordpress-soft” to the name of the jail that banned the IP address and the “10.1.4.159” address for the IP you want to unban.
How to manually ban an IP address on Fai2ban?
If you have to ban an IP address manually, you can use the fail2ban-client set "wordpress-soft" banip 10.1.4.159 command. In the command, change “wordpress-soft” to the name of the jail to ban the IP address and the “10.1.4.159” address for the IP you want to ban.
