This tutorial describes the steps to install Fail2ban on a Debian 10 Buster Linux system. It also provides an initial configuration to protect SSL using Fail2ban.
Prerequisites
You must have a running Debian 10 system with console access. Log in to your system with a sudo-privileged account.
Step 1 – Installing Fail2ban
Fail2ban Debian packages are available in the default apt repositories. You just need to update the Apt cache and install the fail2ban Debian package on your system. Open a terminal and type:

After successful installation, make sure the service is started. Make sure that the fail2ban service is up and running.
Step 2 – Configure Fail2ban
Fail2ban keeps its configuration files under the /etc/fail2ban directory. The jail.conf file contains a basic configuration that you can use as the starting point for a new configuration. Fail2ban reads a separate jail.local file so that your settings are not overwritten when package updates replace jail.conf. So create a copy of the configuration file with the name jail.local:

Next, edit the jail.local configuration file in a text editor. Update the initial settings under the [DEFAULT] section.

ignoreip – A list of IP addresses that Fail2ban never bans.

    [DEFAULT]
    ignoreip = 127.0.0.1/8 192.168.1.0/24

bantime – The number of seconds that a host is banned.

    bantime = 60m

findtime – A host is banned if it has generated “maxretry” failures during the last “findtime” seconds.

    findtime = 5m

maxretry – The number of failures before a host gets banned.

    maxretry = 5
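To see how ignoreip, findtime, maxretry and bantime interact, the following added example (not part of the original tutorial and not Fail2ban's own code) is a simplified Python model of the ban decision, run over constructed sshd log lines. The log layout, the sample addresses and the names `sample_log` and `simulate` are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# [DEFAULT] values from the tutorial; durations as timedelta instead of "60m"/"5m"
IGNOREIP = ["127.0.0.1/8", "192.168.1.0/24"]
BANTIME, FINDTIME, MAXRETRY = timedelta(minutes=60), timedelta(minutes=5), 5
# Assumed log layout: ISO timestamp, host, "sshd[pid]: Failed password ... from IP"
FAIL_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)")

def sample_log():
    """Constructed sshd lines (documentation/private addresses), not real traffic."""
    start = datetime(2024, 1, 10, 10, 0, 0)
    plan = [("203.0.113.7", 10, 5),    # 5 failures 10 s apart: all inside findtime
            ("198.51.100.9", 120, 5),  # 5 failures 2 min apart: never 5 within 5 min
            ("192.168.1.50", 10, 8)]   # covered by ignoreip: never banned
    rows = [(start + timedelta(seconds=gap * i), ip) for ip, gap, n in plan for i in range(n)]
    return [f"{ts.isoformat()} host sshd[1]: Failed password for root from {ip} port 22 ssh2"
            for ts, ip in sorted(rows)]

def simulate(lines, ignoreip=IGNOREIP, bantime=BANTIME, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return (ip, banned_at, unbanned_at) for every ban the settings would trigger."""
    nets = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for raw in lines:
        m = FAIL_RE.match(raw)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if any(ipaddress.ip_address(ip) in n for n in nets):
            continue  # ignoreip: failures are not counted at all
        if ts < banned_until.get(ip, ts):
            continue  # host is still inside its bantime
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > findtime:
            q.popleft()  # forget failures older than findtime
        if len(q) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            q.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(sample_log()):
        print(f"ban {ip} from {start} until {end}")
```

With the tutorial's values only the fast guesser is banned; the slow source stays under the threshold because its failures never accumulate to maxretry inside one findtime window.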
Step 3 – Manage Fail2ban Service
After making all the changes, save your file and restart the Fail2ban service using the following command.

For testing purposes, I tried SSH with the wrong credentials from a different machine. After three wrong attempts, Fail2ban blocked that IP via iptables with reject ICMP. You can see the rules in iptables after blocking the IP address as below.

For SSH-only systems, make sure to have SSH access from another IP before making these tests.
Conclusion
This tutorial helped you to install and configure Fail2ban on an Ubuntu 20.04 LTS system. Additionally, it provided you with the configuration details to secure specific services like SSH, SFTP and FTP.