Secure VPS with Fail2ban

Note: The notes are for Debian distro.

Installation

apt install fail2ban

Configuration

1. Create local jail config file

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

2. Open jail.local file and make the following changes:
   1. Search for backend = auto and update it to backend = systemd
   2. For each filter, set enabled = true and backend = auto. Also ensure to set journalmatch as empty (journalmatch =) in the filter config present in /etc/fail2ban/filter.d folder. Below example shows configuration for nginx-bad-request filter.

# file: /etc/fail2ban/jail.local
[default]
...
backend = systemd

...

[nginx-bad-request]
enabled = true
backend = auto

# file: /etc/fail2ban/filter.d/nginx-bad-request.conf
...
logfile = /var/log/nginx/access.log
journalmatch =

Start Fail2ban

fail2ban-client start

Check status

fail2ban-client status
# check status of specific filter
fail2ban-client status nginx-bad-request

Check and unban specific ips

# check if ip is banned, shows list of rules
fail2ban-client banned 127.0.0.1
# unban ip
fail2ban-client unban 127.0.0.1

Additional info

• Logs can be found in /var/log/fail2ban.log
• Check the list of banned ips with iptables -S | grep f2b