In this tutorial, we will show you how to install Fail2Ban on Debian 11. For those of you who didn’t know, Fail2Ban is an intrusion prevention framework written in the Python programming language. This service will help prevent unwanted logins by banning nefarious IP addresses from gaining access to your server. Whereas, other basic functions are monitoring log files, searching for predefined patterns, and temporarily blocking IP addresses.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo
‘ to the commands to get root privileges. I will show you the step-by-step installation of Fail2Ban on a Debian 11 (Bullseye).
Prerequisites
- A server running one of the following operating systems: Debian 11 (Bullseye).
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- An active internet connection.
- A
non-root sudo user
or access to theroot user
. We recommend acting as anon-root sudo user
, however, as you can harm your system if you’re not careful when acting as the root.
Install Fail2Ban on Debian 11 Bullseye
Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following apt
commands in the terminal:
sudo apt update sudo apt upgrade
Step 2. Installing Fail2Ban on Debian 11.
By default, Fail2ban is available on Debian 11 Bullseye base repository. Now run the following command in your terminal to install it:
sudo apt install fail2ban
Once installed, start and enable fail2ban with the commands:
sudo systemctl enable fail2ban sudo systemctl status fail2ban
Verify Fail2Ban installation:
fail2ban-client --version
Step 3. Configure Fail2ban.
With fail2ban installed, it’s time to configure it. jail.conf
contains a section in which Configuration settings can be done for the fail2ban, we are not going to edit this file because a package upgrade can overwrite this file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local sudo nano /etc/fail2ban/jail.local
Find the following line in the config file and uncomment it to whitelist the IP address:
ignoreip = 127.0.0.1/8 ::1 <your-IP-address>
Next, change as you required:
bantime = 15m findtime = 15m maxretry = 8
To receive email alerts with relevant logs, make sure that the following line is present:
# ban & send an e-mail with whois report and relevant log lines # to the destemail. action_mwl = %(action_)s %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
To configure sending and receiving email addresses:
# Destination email address used solely for the interpolations in destemail = admin@your-domain.com # Sender e-mail address used solely for some actions sender = fail2ban@your-domain
Save and close a file, then restart the Fail2Ban service to change the effects:
sudo systemctl restart fail2ban
We can check the status of the service using systemctl
:
sudo systemctl status fail2ban
Congratulations! You have successfully installed Fail2Ban. Thanks for using this tutorial for installing the latest version of the Fail2Ban on Debian 11 Bullseye. For additional help or useful information, we recommend you check the official Fail2Ban website.