How to Install and Configure Fail2ban on Debian Squeeze

Valic —  December 18, 2012 — Leave a comment

Fail2ban scans log files and bans IPs that show malicious signs, something like too many password failures and looking for the most common exploits.

Step1. Install Fail2ban on Debian

apt-get install fail2ban

Step2.  Configure Fail2ban.

You can configure Fail2Ban using the configuration files located in /etc/fail2ban/

The main config file and the most important is jail.local

In the following steps I will show you some configuration examples. You can study the Fail2ban man files later.

Step2.1 Add or modify the following line to set email destination for Fail2ban notifications:

destemail = [email protected]

Step2.2 Set the ban time:

bantime  = 6000 #in seconds

Step2.3  Protect the SSH Server against failed access attempts.

enabled = true
port    = ssh
action = iptables
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 5

  • enabled – This Enables the Fail2ban checking for SSH server
  • port – Service port for SSH. If you changed the port use port: port_nr
  • action – This option tells Fail2ban which action to take once a filter matches.
  • filter -  This is the name of the filter to be used by the service to detect matches.
  • logpath – This is the log file that Fail2ban checks for failed login attempts.
  • maxtery – This is the number of matches which triggers ban action on the IP.

Step2.4 Enable apache2 protection:

enabled = true
port    = http,https
filter  = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 5

Step2.5 Enable Nginx protection.

enabled = true
port    = http,https
filter  = apache-auth
logpath = /var/log/nginx*/*error.log
maxretry = 5

NOTE: You can enable protection for more services such as qmail, proftpd, vsftpd, sasl, asterisk, postfix, courier, Bind, etc.

Step3 Testing configuration.

fail2ban-client -d

This will dump the configuration and show errors.

Step4 Restart Fail2ban:

/etc/init.d/fail2ban restart


Posts Twitter Facebook

Editor in Chief at Debian-Tutorials, Linux enthusiast.

No Comments

Be the first to start the conversation.

Leave a Reply