How to Set Up Fail2ban on Debian 11
Introduction
Fail2Ban is software crafted to protect Linux machines from various attacks and malicious activity. Fail2Ban offers protection for various services ranging from SSH, HTTP, FTP, and more to protect your Linux machine.
This guide explains how to configure and understand the fundamentals Fail2ban offers on a Debian 11 Vultr instance.
Prerequisites
Before beginning this guide, you should have/do the following:
- Deploy a Debian 11 Vultr Instance
- Be familiar with the Linux environment
- Access to a user with sudo privileges
- Experience using Nano or any other text editor
1. Installing Fail2ban
Log in to your Debian 11 Vultr Instance and affirm the instance is up-to-date.
$ sudo apt update && upgrade
Fail2Ban is included within the Debian 11 repository. You can effortlessly install the package.
$ sudo apt install fail2ban
After installing Fail2Ban, check the current status of the service on the instance.
$ sudo systemctl status fail2ban
If Fail2ban isn't running on your instance, merely start it.
$ sudo systemctl start fail2ban
Configure Fail2ban to start when the instance comes online.
$ sudo systemctl enable fail2ban
2. Configuring Fail2ban
Filters
After installing Fail2ban, we have to configure it. Fail2ban comes with a default configuration file. This file embodies the configurable options within Fail2ban. It's located in /etc/fail2ban/jail.conf
on your Linux machine. The file contains parameters known as filters to configure Fail2ban.
Here is a quick example of jail.conf filters and structure.
[DEFAULT]
bantime = 1h
maxretry = 5
[sshd]
enabled = true
port = ssh
ignoreip = 192.168.0.254/24
- bantime - Set the amount of time an IP is banned if detected as malicious.
- maxretry - The max amount of attempts a user can try logging in to the machine until the attacker's IP is banned.
- ignoreip - Trusted networks. All networks listed will bypass all filters in Fail2ban.
- enabled - Lets Fail2ban acknowledge if you want this Jail to be enabled or disabled.
- port - Specify the port for the Jail.
Fail2ban has many options within its configuration file. These options can be fruitful to specific scenarios and services to work with each other on your Linux machine.
Jails
When it comes to configuring Fail2ban, Fail2ban has a feature represented as Jails. You can customize Jails to your custom preference. Jails can increase the security of your Linux machine in many ways by adding filters to your machine's services and providing a safe environment for you and your Linux machine.
We won't be editing the jail.conf
in this guide. When Fail2ban receives an update, the file restores to its default settings, making the changes to the file unnecessary. Fail2ban reads files ending with the .local
extension first before reading the default configuration file. Meaning if the local file exists, Fail2ban reads and overwrites any existing options in the default configuration with your local file.
It's recommended to create a fresh configuration file to cache your custom filters.
Create the jail.local configuration file.
$ sudo touch /etc/fail2ban/jail.local
Open the jail.local with your desired text editor.
$ sudo nano /etc/fail2ban/jail.local
Example Configuration
Here is an example configuration for various services.
[sshd]
enabled = true
port = ssh
bantime = 1h
maxretry = 5
ignoreip = 192.168.1.1
[apache-badbots]
enabled = true
port = http,https
bantime = 48h
maxretry = 1
[squid]
enabled = false
port = 80,443,3128,8080
After configuring Fail2ban, restart the Fail2ban service for your changes to take effect on your machine.
$ sudo systemctl restart fail2ban
Conclusion
In this guide, you have learned how to install and how to configure the fundamentals of Fail2ban. You can create your own Jails, and you now understand what Fail2ban has to offer and how it can benefit your Linux machine.