Fail2Ban is a very useful tool that scans log files (e.g. /var/log/apache/error_log) and blocks IP addresses that show signs of malicious activity: too many bad passwords, probing for exploits, and so on. This article covers a Linux server running Debian 11.
Preliminary Actions
First you need to update your server. To do this, enter a simple command:
apt update && apt upgrade
Installation is straightforward, since Fail2Ban is already included in the Debian 11 repositories. Just enter the command:
apt install fail2ban
After installation, check that the service is running. This verification step is important because all later adjustments depend on a working service:
systemctl status fail2ban
If Fail2ban is not running on your instance, start it with the following command:
systemctl start fail2ban
Next, enable Fail2ban so that it starts automatically at boot. Enter the following command:
systemctl enable fail2ban
Configuring Fail2Ban
Once installation has completed and been verified, you can proceed to the Fail2ban configuration. Fail2ban ships with a default configuration file that contains all of its configurable settings. The file is located at:
/etc/fail2ban/jail.conf
This file contains the settings, known as filters, used to configure Fail2ban. The configuration file offers many options, which can be useful for the specific scripts and services that run together on your Linux machine. The most important values are:
- The bantime value is the length of time for which an offending IP stays blocked.
- The maxretry value is the number of failed login attempts allowed. Once the limit is exceeded, the IP address is blocked.
- The ignoreip value lists the networks you trust. Any address entered here bypasses Fail2Ban filtering entirely.
- The enabled value tells Fail2ban whether this jail is enabled or disabled.
Next come the jails. Each jail can be customised individually, and jails can strengthen the security of your Linux machine in many ways: you can attach different filters to the services running on your server. The first step is to create the jail.local configuration file:
touch /etc/fail2ban/jail.local
Open jail.local in a text editor of your choice.
nano /etc/fail2ban/jail.local
With the jail.conf settings explained above, you can now apply them directly in jail.local, for example:
# section header assumed from "port = ssh"; the original omitted it
[sshd]
enabled = true
port = ssh
bantime = 10h
maxretry = 12
# replace Any_IP with your trusted addresses or networks, e.g. 127.0.0.1/8
ignoreip = Any_IP
[apache-badbots]
enabled = true
port = http,https, smtp...
bantime = 72h
maxretry = 3
[squid]
enabled = false
port = 80,443,25, 1234...
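As an added example (not part of the original article, and not fail2ban's own code), here is a small audit script for a jail.local file: it parses the INI-style file with configparser, converts fail2ban's time abbreviations (10h, 72h, 30m, 1d) to seconds, and flags enabled jails whose settings a reviewer would question. The sample file, the [sshd] header and the concrete ignoreip value are constructed; the thresholds are assumptions.

```python
import configparser
import re

# Constructed sample based on the article's jail.local; the [sshd] header
# and the ignoreip value are assumptions, and apache-badbots deliberately
# has no ignoreip so the audit has something to flag.
SAMPLE_JAIL_LOCAL = """
[sshd]
enabled = true
port = ssh
bantime = 10h
maxretry = 12
ignoreip = 127.0.0.1/8

[apache-badbots]
enabled = true
port = http,https
bantime = 72h
maxretry = 3

[squid]
enabled = false
port = 80,443
"""

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_duration(value: str) -> int:
    """Convert a fail2ban duration such as '10h' or plain '600' to seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([smhdw]?)\s*", value)
    if not m:
        raise ValueError(f"unrecognised duration: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2) or "s"]

def audit_jails(text: str, max_retry_limit: int = 5, min_bantime: int = 3600):
    """Return {jail: [findings]} for enabled jails with questionable settings."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = {}
    for jail in cfg.sections():
        if not cfg.getboolean(jail, "enabled", fallback=False):
            continue  # a disabled jail is inactive, nothing to check
        issues = []
        if cfg.getint(jail, "maxretry", fallback=5) > max_retry_limit:
            issues.append("maxretry is high: many attempts allowed before a ban")
        if parse_duration(cfg.get(jail, "bantime", fallback="10m")) < min_bantime:
            issues.append("bantime is short")
        if not cfg.get(jail, "ignoreip", fallback="").strip():
            issues.append("ignoreip unset: admin addresses can be locked out")
        if issues:
            findings[jail] = issues
    return findings

if __name__ == "__main__":
    for jail, issues in audit_jails(SAMPLE_JAIL_LOCAL).items():
        print(jail, issues)
```

Run it against your own file by passing the contents of /etc/fail2ban/jail.local to audit_jails; an ignoreip set in a [DEFAULT] section is inherited by every jail, so it satisfies the check.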