How to Set Up Fail2ban on Debian 11

Introduction

Fail2Ban is software that protects Linux machines from various attacks and malicious activity. It can protect a range of services on your Linux machine, including SSH, HTTP, FTP, and more.

This guide explains how to configure and understand the fundamentals Fail2ban offers on a Debian 11 Rcs instance.

Prerequisites

Before beginning this guide, you should have/do the following:

  • Deploy a Debian 11 Rcs Instance
  • Be familiar with the Linux environment
  • Access to a user with sudo privileges
  • Experience using Nano or any other text editor

1. Installing Fail2ban

  1. Log in to your Debian 11 Rcs Instance and make sure the instance is up-to-date.

     $ sudo apt update && sudo apt upgrade

  2. Fail2Ban is included in the Debian 11 repository, so you can install the package directly.

     $ sudo apt install fail2ban

  3. After installing Fail2Ban, check the current status of the service on the instance.

     $ sudo systemctl status fail2ban

  4. If Fail2ban isn't running on your instance, start it.

     $ sudo systemctl start fail2ban

  5. Configure Fail2ban to start when the instance comes online.

     $ sudo systemctl enable fail2ban

2. Configuring Fail2ban

Filters

After installing Fail2ban, we have to configure it. Fail2ban comes with a default configuration file, located at /etc/fail2ban/jail.conf on your Linux machine, which contains the configurable options within Fail2ban. The file contains the parameters, referred to in this guide as filters, that configure Fail2ban.

Here is a quick example of jail.conf filters and structure.

[DEFAULT]
bantime = 1h
maxretry = 5

[sshd]
enabled = true
port = ssh
ignoreip = 192.168.0.254/24

  • bantime - Sets the amount of time an IP is banned once it is detected as malicious.
  • maxretry - The maximum number of login attempts a user can make before the attacker's IP is banned.
  • ignoreip - Trusted networks. All networks listed bypass all filters in Fail2ban.
  • enabled - Tells Fail2ban whether this Jail is enabled or disabled.
  • port - Specifies the port for the Jail.
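
How maxretry and ignoreip interact on a log, as an added example (a simplified simulation written for this guide, not Fail2ban's own code). The function names and log lines are constructed, a single ignoreip entry is handled, and the counting window uses Fail2ban's findtime option, which the example above does not set and is assumed here to be 600 seconds.

```shell
# Constructed sample lines in auth.log format (not taken from a real host).
sample_log() {
  for s in 01 03 05 07 09; do
    echo "Jan 10 12:00:$s host sshd[101]: Failed password for root from 203.0.113.5 port 40001 ssh2"
    echo "Jan 10 12:00:$s host sshd[102]: Failed password for admin from 192.168.0.17 port 40002 ssh2"
  done
  for m in 01 13 25 37 49; do
    echo "Jan 10 12:$m:00 host sshd[103]: Failed password for invalid user test from 198.51.100.9 port 40003 ssh2"
  done
}

# f2b_simulate MAXRETRY FINDTIME_SECONDS IGNOREIP   (log on stdin)
# Prints "IP TIME" for each address at the moment it would be banned.
f2b_simulate() {
  awk -v maxretry="$1" -v findtime="$2" -v ignore="$3" '
    function ip2int(ip,   o) {
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # True when ip falls inside the ignoreip entry (single address or CIDR).
    function ignored(ip,   p, bits, div) {
      split(ignore, p, "/")
      bits = (p[2] == "") ? 32 : p[2]
      div = 2 ^ (32 - bits)              # host bits are dropped by the division
      return int(ip2int(ip) / div) == int(ip2int(p[1]) / div)
    }
    /sshd\[[0-9]+\]: Failed password/ {
      ip = $(NF - 3)                     # counted from the end: "... from IP port N ssh2"
      if (ignored(ip) || (ip in banned)) next
      split($3, t, ":")                  # HH:MM:SS; assumes all lines are from one day
      now = t[1] * 3600 + t[2] * 60 + t[3]
      n[ip]++; seen[ip, n[ip]] = now
      hits = 0
      for (k = 1; k <= n[ip]; k++)
        if (now - seen[ip, k] < findtime) hits++
      if (hits >= maxretry) { banned[ip] = 1; print ip, $3 }
    }'
}

# sshd jail values from the example above: maxretry = 5, ignoreip = 192.168.0.254/24.
sample_log | f2b_simulate 5 600 192.168.0.254/24
```

Because of the /24 suffix, the ignoreip entry exempts every address in 192.168.0.x, so 192.168.0.17 is never banned here even though it fails as often as 203.0.113.5.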

Fail2ban has many options within its configuration file. These options can be useful in specific scenarios and for the particular services running together on your Linux machine.

Jails

Fail2ban has a feature called Jails, which you can customize to your preference. Jails can increase the security of your Linux machine in many ways by adding filters to your machine's services, providing a safe environment for you and your Linux machine.

We won't be editing the jail.conf in this guide. When Fail2ban receives an update, the file is restored to its default settings, so any changes made to it are lost. Fail2ban reads files ending with the .local extension first, before reading the default configuration file. This means that if the local file exists, Fail2ban overrides any matching options in the default configuration with the ones from your local file.

It's recommended to create a fresh configuration file to hold your custom filters.

  1. Create the jail.local configuration file.

     $ sudo touch /etc/fail2ban/jail.local

  2. Open the jail.local with your desired text editor.

     $ sudo nano /etc/fail2ban/jail.local
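
Which value a jail ends up with once jail.local exists, as an added example (a simplified resolver written for this guide, not Fail2ban's parser). The function names and both sample files are constructed, and it assumes plain key = value lines without Fail2ban's %(...)s interpolation or jail.d files.

```shell
# Constructed stand-ins for jail.conf and jail.local (not the files Debian ships).
sample_conf() {
  printf '%s\n' '[DEFAULT]' 'bantime = 10m' 'maxretry = 5' '' \
                '[sshd]' 'port = ssh' 'maxretry = 3'
}
sample_local() {
  printf '%s\n' '[DEFAULT]' 'bantime = 1h' 'maxretry = 10' '' \
                '[sshd]' 'enabled = true'
}

# effective_opt JAIL OPTION FILE...
# FILEs are given in increasing precedence, e.g. jail.conf then jail.local.
effective_opt() {
  jail=$1; opt=$2; shift 2
  awk -v jail="$jail" -v opt="$opt" '
    FNR == 1        { sec = "" }                     # new file: no section yet
    /^[ \t]*[#;]/   { next }                         # comment line
    /^\[.*\]/       { sec = substr($0, 2, index($0, "]") - 2); next }
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      # Same section and key in a higher-precedence file replaces the old value.
      if (key == opt) seen[sec] = val
    }
    END {
      # The jail section wins over [DEFAULT], whichever file each came from.
      if (jail in seen) print seen[jail]
      else if ("DEFAULT" in seen) print seen["DEFAULT"]
    }' "$@"
}

dir=$(mktemp -d)
sample_conf > "$dir/jail.conf"; sample_local > "$dir/jail.local"
for o in bantime maxretry enabled; do
  echo "sshd $o = $(effective_opt sshd "$o" "$dir/jail.conf" "$dir/jail.local")"
done
rm -rf "$dir"
```

Note that maxretry stays at 3 for sshd: a [DEFAULT] value in jail.local does not replace a value that jail.conf sets inside the jail's own section. On a live system, `sudo fail2ban-client get sshd bantime` reports the value the running server is using.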

Example Configuration

Here is an example configuration for various services.

[sshd]
enabled = true
port = ssh
bantime = 1h
maxretry = 5
ignoreip = 192.168.1.1

[apache-badbots]
enabled = true
port = http,https
bantime = 48h
maxretry = 1

[squid]
enabled = false
port = 80,443,3128,8080

After configuring Fail2ban, restart the Fail2ban service for your changes to take effect on your machine.

$ sudo systemctl restart fail2ban

Conclusion

In this guide, you have learned how to install and how to configure the fundamentals of Fail2ban. You can create your own Jails, and you now understand what Fail2ban has to offer and how it can benefit your Linux machine.

More Information

Fail2ban Official Documentation
