Configure Fail2ban

Protect SSH and web services against brute-force attempts with Fail2ban and jails suited to your HolyCloud VPS.

Fail2ban watches logs (SSH, Nginx, etc.) and temporarily bans IPs that exceed a failure threshold. Combined with UFW or iptables, it reduces attack noise on a HolyCloud Linux VPS exposed to the Internet.

Prerequisites

- Ubuntu/Debian with OpenSSH and logs in /var/log/auth.log
- UFW or active firewall (recommended)
- sudo access
- SSH secured with keys (so you are not banned during tests; use a stable IP or ignoreip)

Step 1: installation

    sudo apt update
    sudo apt install -y fail2ban
    sudo systemctl enable --now fail2ban

Step 2: local configuration (jail.local)

Do not edit jail.conf directly; create an override:

    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
    sudo nano /etc/fail2ban/jail.local

Recommended excerpt in [DEFAULT]:

    [DEFAULT]
    bantime = 1h
    findtime = 10m
    maxretry = 5
    backend = systemd
    banaction = ufw
    ignoreip = 127.0.0.1/8 VOTRE_IP_FIXE/32

Replace VOTRE_IP_FIXE with your office or VPN IP to avoid self-ban.

Step 3: enable the SSH jail

In the same file, [sshd] section:

    [sshd]
    enabled = true
    port = ssh
    filter = sshd
    maxretry = 3
    bantime = 24h

If SSH listens on a custom port (e.g. 2222):

    port = 2222

Step 4: Nginx jail (optional)

After installing Nginx:

    sudo nano /etc/fail2ban/jail.d/nginx.conf

    [nginx-http-auth]
    enabled = true
    port = http,https
    filter = nginx-http-auth
    # backend = systemd in [DEFAULT] ignores logpath; read the log file instead
    backend = auto
    logpath = /var/log/nginx/error.log
    maxretry = 5

    [nginx-botsearch]
    enabled = true
    port = http,https
    filter = nginx-botsearch
    # same reason as above: this jail reads a file, not the journal
    backend = auto
    logpath = /var/log/nginx/access.log
    maxretry = 2

Step 5: apply

    sudo fail2ban-client -t
    sudo systemctl restart fail2ban

Verification

    sudo fail2ban-client status
    sudo fail2ban-client status sshd
    sudo fail2ban-client banned

Simulate a ban (from a test IP not in ignoreip):

    # several deliberate SSH failures, then:
    sudo fail2ban-client status sshd

Unban an IP:

    sudo fail2ban-client set sshd unbanip 198.51.100.10

Logs:

    sudo journalctl -u fail2ban -n 40 --no-pager

Need help?

- Banned by mistake: open the KVM console and run sudo fail2ban-client set sshd unbanip VOTRE_IP, or add the IP to ignoreip and then run sudo systemctl restart fail2ban
- Inactive jail: sudo fail2ban-client status should list sshd, possibly with "currently banned"
- HolyCloud support: provide the output of fail2ban-client status sshd and an excerpt from /var/log/auth.log
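How findtime, maxretry and ignoreip from Steps 2 and 3 combine, as an added example that is not part of the original guide and is not Fail2ban's own code: a simplified Python model of the threshold logic, run over constructed auth.log lines. The regex, the sample addresses, and 192.0.2.10 standing in for VOTRE_IP_FIXE are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from this guide: findtime in [DEFAULT], maxretry in [sshd].
FINDTIME = timedelta(minutes=10)
MAXRETRY = 3
# 192.0.2.10 is a constructed stand-in for VOTRE_IP_FIXE.
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in ("127.0.0.1/8", "192.0.2.10/32")]

# Simplified stand-in for the sshd filter: password failures only.
FAILURE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample lines in auth.log format.
SAMPLE_LOG = """\
Mar  4 10:00:01 vps sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  4 10:00:05 vps sshd[812]: Failed password for root from 198.51.100.23 port 51000 ssh2
Mar  4 10:01:30 vps sshd[815]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  4 10:02:00 vps sshd[816]: Failed password for deploy from 192.0.2.10 port 60001 ssh2
Mar  4 10:02:04 vps sshd[816]: Failed password for deploy from 192.0.2.10 port 60001 ssh2
Mar  4 10:02:09 vps sshd[816]: Failed password for deploy from 192.0.2.10 port 60001 ssh2
Mar  4 10:04:10 vps sshd[820]: Failed password for root from 203.0.113.7 port 40141 ssh2
Mar  4 10:06:05 vps sshd[823]: Failed password for root from 198.51.100.23 port 51010 ssh2
Mar  4 10:12:05 vps sshd[830]: Failed password for root from 198.51.100.23 port 51020 ssh2
"""

def would_ban(log_text, year=2024):
    """Map each IP that reaches MAXRETRY within FINDTIME to that failure's time."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned = {}
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue
        ip = m.group(2)
        addr = ipaddress.ip_address(ip)
        if ip in banned or any(addr in net for net in IGNOREIP):
            continue
        # auth.log timestamps carry no year, so one is supplied for parsing.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        recent[ip].append(when)
        while when - recent[ip][0] > FINDTIME:
            recent[ip].popleft()
        if len(recent[ip]) >= MAXRETRY:
            banned[ip] = when
    return banned
```

In the sample, 198.51.100.23 fails three times but spaced six minutes apart, so no three failures fall inside one 10-minute findtime window and the model does not ban it; widening findtime is the setting that changes that outcome.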