Fail2ban is a tool that is used to protect Linux-based machines from automated attacks by improving their security. It monitors the logs for any malicious activity and allows the user to temporarily or permanently block remote IP addresses This how-to guide will explain how to install, configure and set up Fail2ban on a Debian 11 based system.

How to install Fail2ban on Debian 11

Fail2ban is available in the default repository of Debian 11, so it can easily be installed by using the default package manager of Debian: After successful installation, the Fail2ban service should start automatically. You can verify this by running the command: If the service is not active on your system, then you can use the following commands to starts and enable it:

How to configure Fail2ban on Debian 11

Fail2ban comes with two different configuration files which are located in the /etc/fail2ban directory. These config files have a basic configuration that should not be modified as these files may be overwritten when a package update arrives. We can use a separate .local file as a configuration file to avoid any future hassle. So we will make a local config file by copying the jail.conf file: Now, open the newly created file in a text editor: Here you can update the settings according to your needs. You can add an ignoreip directive to ignore/whitelist IP addresses from ban. Here I have listed two different IP addresses as examples. You can put any IP address that you want to whitelist: The bantime directive can be used to set a duration of time for which an IP address will remain banned. We can use a suffix like m,d to specify the unit of time which by default is in seconds. The findtime directive specifies the duration of time for the number of failures before a ban is placed. If Fail2ban is going to ban an IP after 4 failed attempts, the findtime directive defines the time interval in which the failures must occur. The maxretry is used to define the number of failed attempts before an IP gets blacklisted. After making all the necessary changes, you can simply just save and save the config file. Now restart the service to let the changes take effect:

Conclusion

Fail2ban allows us to configure our system in a way that it becomes more secure against brute attacks as well as other malicious activities. It protects our system by checking the logs and blacklisting IP addresses that are suspicious. These security measures are essential, especially for systems that are accessible on public networks. In this article, we learned to install, configure and set up Fail2ban on Debian 11.