Fail2Ban Installation on Debian 12

3 months ago

nikolay

2 minutes

How to install Fail2Ban on Debian 12

System Update

sudo apt update

Install Fail2Ban package via apt package manager

sudo apt install fail2ban -y

Configuration Editing

You can open the main Fail2Ban configuration using:

nano /etc/fail2ban/jail.conf

Example configuration for the sshd service:

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s

Typically, the configuration already includes basic protection for public services, and in this file, you will find many settings, but you can modify the settings to suit your needs if necessary. For example:

ignoreip: A list of IP addresses that Fail2Ban will not block. You should add your own IP address here to avoid accidental blocking: ignoreip = 127.0.0.1/8 ::1
bantime: The time in seconds an IP address will be banned. The default is 10 minutes (600 seconds). Initially, you can set a value, for example, 1 hour (3600 seconds) or more: bantime = 3600
findtime: The period in seconds during which Fail2Ban will monitor the number of failed attempts. The default is 10 minutes (600 seconds). findtime = 600
maxretry: The maximum number of failed login attempts before an IP address is blocked. The default is 5. Initially, you can leave it as is: maxretry = 5

Restart and Autostart Fail2Ban

sudo systemctl restart fail2ban
sudo systemctl enable fail2ban

Order a dedicated server here.