How To Install Fail2Ban on Debian 11

Install Fail2Ban on Debian 11

In this tutorial, we will show you how to install Fail2Ban on Debian 11. For those of you who didn’t know, Fail2Ban is an intrusion prevention framework written in the Python programming language. This service will help prevent unwanted logins by banning nefarious IP addresses from gaining access to your server. Whereas, other basic functions are monitor log files, searches for predefined patterns, and temporarily block IP addresses.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of Fail2Ban on a Debian 11 (Bullseye).

Install Fail2Ban on Debian 11 Bullseye

Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following apt commands in the terminal:

sudo apt update
sudo apt upgrade

Step 2. Installing Fail2Ban on Debian 11.

By default, Fail2ban is available on Debian 11 Bullseye base repository. Now run the following command in your terminal to install it:

sudo apt install fail2ban

Once installation, start and enable fail2ban with the commands:

sudo systemctl enable fail2ban
sudo systemctl status fail2ban

Verify Fail2Ban installation:

fail2ban-client --version

Step 3. Configure Fail2ban.

With fail2ban installed, it’s time to configure it. jail.conf contains a section in which Configuration settings can be done for the fail2ban, we are not going to edit this file because package upgrade can overwrite this file:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local

Find the following line in the config file and uncomment it to whitelist the IP address:

ignoreip = 127.0.0.1/8 ::1 <your-IP-address>

Next, change as you required:

bantime  = 15m
findtime = 15m
maxretry = 8

To receive email alerts with relevant logs, make sure that the following line is present:

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
  action_mwl = %(action_)s
               %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]

To configure sending and receiving email addresses:

# Destination email address used solely for the interpolations in
destemail = [email protected]
# Sender e-mail address used solely for some actions
sender = [email protected]

Save and close a file, then restart the Fail2Ban service to change the effects:

sudo systemctl restart fail2ban

We can check the status of the service using systemctl:

sudo systemctl status fail2ban

Congratulations! You have successfully installed Fail2Ban. Thanks for using this tutorial for installing the latest version of the Fail2Ban on Debian 11 Bullseye. For additional help or useful information, we recommend you check the official Fail2Ban website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!