
How to Install and Configure Fail2ban on Debian 11

Written by Admin, Updated On January 11, 2023
debian, fail2ban, security

Fail2ban protects your Linux system from malicious activity and automated attacks. It monitors the logs of the services it is configured for and blocks clients that repeatedly fail to authenticate with them. This article explains how to install and configure Fail2ban on Debian 11.

How to Install Fail2ban on Debian 11

The Debian 11 repository includes the Fail2ban package by default, so installation is straightforward.

Perform the following steps to install Fail2ban on a Debian 11 system:

Step 1 – Update your system

First, update the package index and bring the installed packages up to date using the command below:

sudo apt update && sudo apt upgrade

Step 2 – Install Fail2ban

Next, run the following command as root or as a user with sudo privileges to install the Fail2ban package:

sudo apt install fail2ban

Once the installation completes, the Fail2ban service starts automatically.

If the service is not active on your system, start and enable it with the following commands:

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

Step 3 – Verify Installation

You can verify the installation by checking the service status:

sudo systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-11-14 06:40:14 UTC; 45s ago
...

That’s it. At this point, you have Fail2Ban running on your Debian server.

Step 4 – Fail2ban Configuration

Fail2ban configuration files are located in the /etc/fail2ban/ directory. The installation ships with two configuration files, /etc/fail2ban/jail.conf and /etc/fail2ban/jail.d/defaults-debian.conf. Do not edit these files directly, because they may be overwritten when the package is updated.

Instead, we will copy jail.conf to jail.local and make changes in the .local file. A .local file only needs to contain the settings you want to override. Fail2ban reads the configuration files in the following order, and each .local file overrides the settings from the .conf file:

  • /etc/fail2ban/jail.conf
  • /etc/fail2ban/jail.d/*.conf
  • /etc/fail2ban/jail.local
  • /etc/fail2ban/jail.d/*.local

Copy jail.conf and save it as jail.local:

sudo cp /etc/fail2ban/jail.{conf,local}

To make configuration changes, open the jail.local file in a text editor:

sudo nano /etc/fail2ban/jail.local

Each setting in the configuration file is documented in comments. Below is the configuration file with default settings. Let’s change the basic configuration in this file.

[DEFAULT]
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host that matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8
# "bantime" is the number of seconds that a host is banned.
bantime = 600
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 10m
# "maxretry" is the number of failures before a host gets banned.
maxretry = 5
# "backend" specifies the backend used to get files modification.
# systemd: uses systemd python library to access the systemd journal.
# Specifying "logpath" is not valid for this backend.
# See "journalmatch" in the jails associated filter config
backend=systemd

Whitelist IP Address

Add IP addresses and IP ranges to the ignoreip directive to exempt them from bans at all times. Here you can add your local IP addresses and any other systems you want to whitelist.

Uncomment the line starting with ignoreip and add your IP addresses, separated by spaces:

ignoreip = 127.0.0.1/8 ::1 222.222.222.222 192.168.55.0/24

Ban Settings

The values of the bantime, findtime, and maxretry options define the ban time and ban conditions.

bantime is the duration for which an IP is banned. The default value is 10 minutes; if no suffix is specified, the value is interpreted as seconds. To ban for a longer time, change the value as shown below:

bantime = 1d

To ban permanently, use a negative number.

findtime is the time window within which failures are counted before a ban is set. For example, if Fail2ban is set to ban an IP after five failures (maxretry), those failures must occur within the findtime duration.

findtime = 10m

maxretry is the number of failures after which an IP is banned. The default value is 5, which is fine for most users.

maxretry = 5
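
The following added example (not part of the original article and not Fail2ban's own code) is a simplified Python model of how ignoreip, bantime, findtime and maxretry interact, run over constructed failure events. It assumes only the s/m/h/d time suffixes and literal addresses or CIDR masks in ignoreip (no DNS hosts); the function names and sample addresses are illustrative.

```python
import ipaddress
import re

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}  # no suffix = seconds

def to_seconds(value):
    """Convert a time value such as '600', '10m', '1d' or '-1' to seconds."""
    m = re.fullmatch(r"(-?\d+)([smhd]?)", value.strip())
    if not m:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def is_ignored(ip, ignoreip):
    """True if ip matches an address or CIDR mask in the ignoreip list."""
    addr = ipaddress.ip_address(ip)
    entries = [e for e in re.split(r"[\s,]+", ignoreip) if e]
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)

def simulate(events, ignoreip, bantime, findtime, maxretry):
    """events: (unix_time, ip) failures in time order.
    Returns {ip: (ban_start, ban_end)}; ban_end is None for a permanent ban."""
    window, ban_for = to_seconds(findtime), to_seconds(bantime)
    recent, bans = {}, {}
    for ts, ip in events:
        if is_ignored(ip, ignoreip):
            continue  # whitelisted hosts are never counted
        if ip in bans and (bans[ip][1] is None or ts < bans[ip][1]):
            continue  # ban still active
        # keep only failures inside the findtime window, then add this one
        hits = [t for t in recent.get(ip, []) if ts - t < window] + [ts]
        if len(hits) >= maxretry:
            bans[ip] = (ts, None if ban_for < 0 else ts + ban_for)
            hits = []
        recent[ip] = hits
    return bans

# Constructed sample failures (documentation-range addresses, seconds from t=0).
EVENTS = sorted(
    [(t, "203.0.113.7") for t in (0, 60, 120, 180, 240)]      # 5 in 4 minutes
    + [(t, "198.51.100.9") for t in (0, 200, 400, 700, 900)]  # 5, but spread out
    + [(t, "192.168.55.20") for t in range(0, 100, 10)]       # whitelisted range
)
IGNOREIP = "127.0.0.1/8 ::1 222.222.222.222 192.168.55.0/24"

if __name__ == "__main__":
    print(simulate(EVENTS, IGNOREIP, bantime="1d", findtime="10m", maxretry=5))
```

Only the first host is banned: the second also fails five times, but never five times inside one 10-minute window, and the third is covered by the 192.168.55.0/24 entry in ignoreip.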

Conclusion

You have learned how to install and configure Fail2ban on a Debian 11 system. To learn more about Fail2ban, visit the Fail2ban documentation.

If you have any questions or suggestions, please leave a comment below.
