In this article, we will have explained the necessary steps to install and set up Fail2ban on Debian 10. Before continuing with this tutorial, make sure you are logged in as a user with
sudo privileges. All the commands in this tutorial should be run as a non-root user.
Fail2ban is a free, open-source, and widely used intrusion prevention tool that scans log files for IP addresses that show malicious signs such as too many password failures, and much more, and it bans them (updates firewall rules to reject the IP addresses). Fail2Ban is able to reduce the rate of incorrect authentication attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two-factor or public/private authentication mechanisms if you really want to protect services.
Install Fail2ban on Debian 10
Step 1. The first command will update the package lists to ensure you get the latest version and dependencies.
sudo apt update sudo apt upgrade
Step 2. Install Fail2ban on the Debian system.
Fail2ban packages are automatically included in Debian repositories. To install it, simply run the commands below:
sudo apt install fail2ban
Once completed, the Fail2ban service will start automatically. You can verify it by checking the status of the service:
sudo systemctl status fail2ban
Step 3. Configure Fail2ban.
On Debian system, the default Fail2ban filter settings will be stored in both the
/etc/fail2ban/jail.local file. Remember that settings in the latter file will override corresponding settings in the former one.
Then start editing the configuration file just created by running the commands below:
sudo nano /etc/fail2ban/jail.local
Once the file is open, copy and paste the following configuration in it. The [DEFAULT] section contains global options and [sshd] contains parameters for the sshd jail:
# # WARNING: heavily refactored in 0.9.0 release. Please review and # customize settings for your setup. # # Changes: in most of the cases you should not modify this # file, but provide customizations in jail.local file, # or separate .conf files under jail.d/ directory, e.g.: # # HOW TO ACTIVATE JAILS: # # YOU SHOULD NOT MODIFY THIS FILE. # # It will probably be overwritten or improved in a distribution update. # # Provide customizations in a jail.local file or a jail.d/customisation.local. # For example to change the default bantime for all jails and to enable the # ssh-iptables jail the following (uncommented) would appear in the .local file. # See man 5 jail.conf for details. # # [DEFAULT] # bantime = 3600 # # [sshd] # enabled = true # # See jail.conf(5) man page for more information # Comments: use '#' for comment lines and ';' (following a space) for inline comments
It’s recommended to change those settings:
- ignoreip – Specify your own ISP IP in this line, in such a way you will avoid any blocks on your own IP address.
- bantime – This value sets the number of seconds that a client is going to be blocked from the server in case he violates any of the rules. The default is 10 minutes, you can change it to higher if you’d like.
- maxretry – This is the number of times a host can fail to log in before getting banned.
- findtime – Amount of time that a client has to log in. The default is set to 10 minutes.
That’s all you need to do to install the Fail2ban on Debian 10 Buster. I hope you find this quick tip helpful. For further reading on Fail2ban, please refer to their official knowledge base. If you have questions or suggestions, feel free to leave a comment below.