How To Install fail2ban on Debian 10

Learn how to install fail2ban on Debian 10 with this tutorial. fail2ban is ban hosts that cause multiple authentication errors

Introduction

In this tutorial we learn how to install fail2ban on Debian 10.

What is `fail2ban`

fail2ban is:

Fail2ban monitors log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. Fail2ban allows easy specification of different actions to be taken such as to ban an IP using iptables or hostsdeny rules, or simply to send a notification email.

By default, it comes with filter expressions for various services (sshd, apache, qmail, proftpd, sasl etc.) but configuration can be easily extended for monitoring any other text file. All filters and actions are given in the config files, thus fail2ban can be adopted to be used with a variety of files and firewalls. Following recommends are listed:

iptables/nftables – default installation uses iptables for banning. nftables is also suported. You most probably need it
whois – used by a number of mail-whois actions to send notification emails with whois information about attacker hosts. Unless you will use those you don’t need whois
python3-pyinotify – unless you monitor services logs via systemd, you need pyinotify for efficient monitoring for log files changes

There are three methods to install fail2ban on Debian 10. We can use apt-get, apt and aptitude. In the following sections we will describe each method. You can choose one of them.

Install fail2ban Using apt-get

Update apt database with apt-get using the following command.

sudo apt-get update

After updating apt database, We can install fail2ban using apt-get by running the following command:

sudo apt-get -y install fail2ban

Install fail2ban Using apt

Update apt database with apt using the following command.

sudo apt update

After updating apt database, We can install fail2ban using apt by running the following command:

sudo apt -y install fail2ban

Install fail2ban Using aptitude

If you want to follow this method, you might need to install aptitude first since aptitude is usually not installed by default on Debian. Update apt database with aptitude using the following command.

sudo aptitude update

After updating apt database, We can install fail2ban using aptitude by running the following command:

sudo aptitude -y install fail2ban

How To Uninstall fail2ban on Debian 10

To uninstall only the fail2ban package we can use the following command:

sudo apt-get remove fail2ban

Uninstall fail2ban And Its Dependencies

To uninstall fail2ban and its dependencies that are no longer needed by Debian 10, we can use the command below:

sudo apt-get -y autoremove fail2ban

Remove fail2ban Configurations and Data

To remove fail2ban configuration and data from Debian 10 we can use the following command:

sudo apt-get -y purge fail2ban

Remove fail2ban configuration, data, and all of its dependencies

We can use the following command to remove fail2ban configurations, data and all of its dependencies, we can use the following command:

sudo apt-get -y autoremove --purge fail2ban

Dependencies

fail2ban have the following dependencies:

python3

References

Summary

In this tutorial we learn how to install fail2ban package on Debian 10 using different package management tools: apt, apt-get and aptitude.