In this tutorial, we will show you how to install Fail2Ban on Debian 11. For those of you who didn’t know, Fail2Ban is an intrusion prevention framework written in the Python programming language. This service will help prevent unwanted logins by banning nefarious IP addresses from gaining access to your server. Whereas, other basic functions are monitor log files, searches for predefined patterns, and temporarily block IP addresses.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘
sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of Fail2Ban on a Debian 11 (Bullseye).
Install Fail2Ban on Debian 11 Bullseye
Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following
apt commands in the terminal:
sudo apt update sudo apt upgrade
Step 2. Installing Fail2Ban on Debian 11.
By default, Fail2ban is available on Debian 11 Bullseye base repository. Now run the following command in your terminal to install it:
sudo apt install fail2ban
Once installation, start and enable fail2ban with the commands:
sudo systemctl enable fail2ban sudo systemctl status fail2ban
Verify Fail2Ban installation:
Step 3. Configure Fail2ban.
With fail2ban installed, it’s time to configure it.
jail.conf contains a section in which Configuration settings can be done for the fail2ban, we are not going to edit this file because package upgrade can overwrite this file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local sudo nano /etc/fail2ban/jail.local
Find the following line in the config file and uncomment it to whitelist the IP address:
ignoreip = 127.0.0.1/8 ::1 <your-IP-address>
Next, change as you required:
bantime = 15m findtime = 15m maxretry = 8
To receive email alerts with relevant logs, make sure that the following line is present:
# ban & send an e-mail with whois report and relevant log lines # to the destemail. action_mwl = %(action_)s %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
To configure sending and receiving email addresses:
# Destination email address used solely for the interpolations in destemail = [email protected] # Sender e-mail address used solely for some actions sender = [email protected]
Save and close a file, then restart the Fail2Ban service to change the effects:
sudo systemctl restart fail2ban
We can check the status of the service using
sudo systemctl status fail2ban
Congratulations! You have successfully installed Fail2Ban. Thanks for using this tutorial for installing the latest version of the Fail2Ban on Debian 11 Bullseye. For additional help or useful information, we recommend you check the official Fail2Ban website.