
    How to Install and Configure Fail2ban on Debian 11

    By Rahul | October 28, 2021 | 3 Mins Read

    Every server which is accessible from the Internet is at great risk of brute-force and malware attacks. Hackers try to use brute-force attempts to get access to applications that are accessible on public networks.

    Fail2ban is a tool that protects Linux-based machines from automated attacks. It monitors the logs for malicious activity and allows the user to temporarily or permanently block remote IP addresses.

    This how-to guide will explain how to install, configure and set up Fail2ban on a Debian 11 based system.

    How to install Fail2ban on Debian 11

    Fail2ban is available in the default repository of Debian 11, so it can easily be installed by using the default package manager of Debian:

    sudo apt install fail2ban -y  
    

    After successful installation, the Fail2ban service should start automatically. You can verify this by running the command:

    sudo systemctl status fail2ban 
    

    If the service is not active on your system, then you can use the following commands to start and enable it:

    sudo systemctl start fail2ban 
    sudo systemctl enable fail2ban 
    

    How to configure Fail2ban on Debian 11

    Fail2ban comes with two different configuration files which are located in the /etc/fail2ban directory. These config files have a basic configuration that should not be modified as these files may be overwritten when a package update arrives.

    We can use a separate .local file as a configuration file to avoid any future hassle. So we will make a local config file by copying the jail.conf file:

    sudo cp /etc/fail2ban/jail.{conf,local} 
    

    Now, open the newly created file in a text editor:

    sudo nano /etc/fail2ban/jail.local 
    

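    Here you can update the settings according to your needs. You can add an ignoreip directive to whitelist IP addresses so that they are never banned. Here I have listed two different IP addresses as examples. You can put any IP address that you want to whitelist; note that an entry written with a CIDR suffix such as /24 whitelists the whole network range it falls in, not just that one host: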

    ignoreip = 127.0.0.15/8  192.168.1.2/24
    

    The bantime directive sets how long an IP address will remain banned. The value is in seconds by default; a suffix such as m or d specifies a different unit of time.

    bantime = 120m
    

    The findtime directive sets the time window in which failures are counted before a ban is placed. If Fail2ban is going to ban an IP after 4 failed attempts, the findtime directive defines the time interval in which those failures must occur.

    findtime = 2m
    

    The maxretry directive defines the number of failed attempts before an IP gets blacklisted.

    maxretry = 5
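
An added example (not from the original article, and not Fail2ban's own code): a simplified Python model of how the ignoreip, findtime, maxretry and bantime values shown above combine into a ban decision. The log line format, the regex and the sample addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Values from the jail.local settings shown in this guide.
IGNOREIP = ["127.0.0.15/8", "192.168.1.2/24"]
BANTIME = 120 * 60   # bantime = 120m
FINDTIME = 2 * 60    # findtime = 2m
MAXRETRY = 5         # maxretry = 5

# strict=False masks the host bits, so 192.168.1.2/24 covers all of 192.168.1.0/24.
IGNORED_NETS = [ipaddress.ip_network(n, strict=False) for n in IGNOREIP]
# Simplified pattern for this example; not Fail2ban's own sshd filter.
FAILURE = re.compile(r"^(\d+) sshd: Failed password for \S+ from (\S+)$")

def simulate(lines):
    """Return (ban_time, ip, unban_time) for every ban the settings would trigger."""
    failures = defaultdict(deque)   # ip -> timestamps of failures inside findtime
    banned_until = {}               # ip -> time at which the ban expires
    bans = []
    for line in lines:
        m = FAILURE.match(line)
        if not m:
            continue
        ts, ip = int(m.group(1)), m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in IGNORED_NETS):
            continue                # whitelisted by ignoreip: never counted
        if banned_until.get(ip, 0) > ts:
            continue                # still banned, nothing new to decide
        window = failures[ip]
        window.append(ts)
        while window and ts - window[0] > FINDTIME:
            window.popleft()        # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ts, ip, ts + BANTIME))
            window.clear()
    return bans

# Constructed sample log: "<seconds> sshd: ...", each address's lines in time order.
SAMPLE = (
    [f"{t} sshd: Failed password for root from 203.0.113.7" for t in (0, 20, 40, 60, 80)]
    + [f"{t} sshd: Failed password for root from 198.51.100.9" for t in (0, 100, 200, 300, 400)]
    + [f"{t} sshd: Failed password for admin from 192.168.1.77" for t in range(0, 60, 10)]
)

if __name__ == "__main__":
    for when, ip, until in simulate(SAMPLE):
        print(f"t={when}s ban {ip} until t={until}s")
```

Only the first address is banned: the second spreads its five failures over more than findtime, and the third sits inside the whitelisted /24 even though it fails six times in a minute.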
    

    After making all the necessary changes, save and close the config file.

    Now restart the service to let the changes take effect:

    sudo systemctl restart fail2ban.service  
    

    Conclusion

    Fail2ban allows us to configure our system so that it is more secure against brute-force attacks as well as other malicious activities. It protects our system by checking the logs and blacklisting IP addresses that are suspicious. These security measures are essential, especially for systems that are accessible on public networks. In this article, we learned to install, configure and set up Fail2ban on Debian 11.
