How to Install Fail2ban on Debian Squeeze

Fail2ban is an important tool for system administrators. It scans log files (e.g. /var/log/auth.log) and bans IPs that show malicious signs, such as too many password failures or probing for exploits.

To install fail2ban, execute this command:

# apt-get install fail2ban

Open the configuration file to activate some rules:

# nano /etc/fail2ban/jail.conf

Find the following line to set the email destination for notifications:

destemail = root@yourdomain.com

Find the following line to set the ban time:

bantime = 3600 

To enable ssh protection, make sure the file contains the following lines:

[ssh]

enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 4

You can adjust logpath and maxretry to suit your own setup.

To enable apache protection, make sure the file contains the following lines:

[apache]

enabled = true
port    = http,https
filter  = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 4

To enable vsftpd protection, make sure the file contains the following lines:

[vsftpd]

enabled  = true
port     = ftp,ftp-data,ftps,ftps-data
filter   = vsftpd
logpath  = /var/log/vsftpd.log
maxretry = 4

Restart fail2ban:

# /etc/init.d/fail2ban restart

Monitor the fail2ban log:

# tail -f /var/log/fail2ban.log
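
To see what to expect in that log, here is a simplified model of the decision the [ssh] jail makes with maxretry = 4 and bantime = 3600, run over constructed auth.log lines. It is an added example, not fail2ban's own code: the regex is a stand-in for the sshd filter, and FINDTIME (600 seconds), the sample lines and the function names are assumptions not taken from this page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 4     # value from the [ssh] jail above
BANTIME = 3600   # value from the page (fail2ban reads it as seconds)
FINDTIME = 600   # assumption: counting window in seconds; not set on the page

# Simplified stand-in for the sshd filter: failed-password lines only.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

# Constructed auth.log lines using documentation addresses.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Mar  3 10:00:04 web1 sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Mar  3 10:00:05 web1 sshd[103]: Failed password for alice from 198.51.100.20 port 5001 ssh2
Mar  3 10:00:09 web1 sshd[104]: Failed password for root from 203.0.113.7 port 4003 ssh2
Mar  3 10:00:12 web1 sshd[105]: Accepted password for alice from 198.51.100.20 port 5002 ssh2
Mar  3 10:00:15 web1 sshd[106]: Failed password for root from 203.0.113.7 port 4004 ssh2
Mar  3 10:00:20 web1 sshd[107]: Failed password for root from 203.0.113.7 port 4005 ssh2
"""

def parse_time(stamp, year=2012):  # syslog stamps carry no year; one is assumed
    return datetime.strptime(f"{year} {' '.join(stamp.split())}", "%Y %b %d %H:%M:%S")

def find_bans(log_text, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return {ip: (ban_start, ban_end)} for IPs reaching maxretry in findtime."""
    recent, bans = defaultdict(deque), {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        when, ip = parse_time(m.group(1)), m.group(2)
        if ip in bans and when < bans[ip][1]:
            continue  # still banned: the firewall would already drop this
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = (when, when + timedelta(seconds=bantime))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

In this model, failures spaced further apart than the counting window never reach maxretry, so the window length and maxretry should be tuned together.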
