Looking for how to install fail2ban on CentOS? We can help you with this!
As part of our Server Management Services, we assist our customers with several CentOS queries.
Today, let us see how our support techs help our customers to install fail2ban on CentOS.
Install fail2ban on CentOS
Fail2ban is open-source software that scans the server’s log files in real time for brute-force login attempts and, when it finds them, blocks the offending host using the server’s firewall software.
To install Fail2ban on CentOS, we first need to install the EPEL repository, which contains Extra Packages for Enterprise Linux, and then install Fail2ban itself.
sudo yum install epel-release
sudo yum install fail2ban
After that, we need to configure and adjust the software with an updated jail.local configuration file.
First, we will make a copy of the “jail.conf” file to make a local configuration with this command.
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Then, we edit the jail.local file in Vi with the following command and adjust the values in the [DEFAULT] section. For example,
sudo vi /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
bantime = 5m
findtime = 5m
maxretry = 7
Here, ignoreip lets us exclude certain IP addresses from being banned. bantime determines how long an offending host remains blocked before it is automatically unblocked. findtime and maxretry work together: findtime sets the time window in which maxretry failed attempts must occur before the IP of the connecting host is blocked.
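To see how findtime, maxretry and bantime interact, the following added example (not part of the original article and not fail2ban's own code) replays constructed sshd log lines through a simplified model of the [DEFAULT] values above. The log pattern, the simulate and sample_log functions and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [DEFAULT] section above.
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in ("127.0.0.1/8", "::1")]
BANTIME = timedelta(minutes=5)
FINDTIME = timedelta(minutes=5)
MAXRETRY = 7

# Simplified pattern for sshd password failures (an assumption, not fail2ban's own filter).
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def simulate(lines, year=2024):
    """Return (ip, ban_start, ban_end) for every ban the settings would trigger."""
    failures = defaultdict(deque)  # ip -> failure timestamps inside the findtime window
    banned_until, bans = {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in IGNOREIP):
            continue  # ignoreip: never counted, never banned
        if banned_until.get(ip, ts) > ts:
            continue  # still inside bantime
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()  # drop failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

def sample_log():
    """Constructed sshd lines: a fast guesser, a slow one, and localhost."""
    fmt = "Mar 10 10:{:02d}:{:02d} host sshd[4242]: Failed password for root from {} port 50000 ssh2"
    fast = [fmt.format(0, 5 * i, "192.0.2.10") for i in range(7)]    # 7 failures in 30 s
    slow = [fmt.format(2 * i, 0, "198.51.100.7") for i in range(7)]  # 7 failures over 12 min
    local = [fmt.format(1, 5 * i, "127.0.0.1") for i in range(8)]    # covered by ignoreip
    return fast + slow + local

if __name__ == "__main__":
    for ip, start, end in simulate(sample_log()):
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

Only the host that reaches seven failures inside one five-minute window is banned; the host that spaces its attempts two minutes apart never has more than three failures in the window, which is the trade-off to keep in mind when choosing findtime and maxretry.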
After completing the basic configurations, we need to check the different jails available in the configuration options.
The SSH jail settings, which we can find at the top of the jails list, are disabled by default. We should turn them on by adding enabled = true in the SSH jail section.
[sshd]
enabled = true
After enabling all the jails we wish, save the configuration file. Then we will need to restart the monitor with the following command.
sudo systemctl restart fail2ban
Now we should check the iptables rules for the chains added for each of the jails we enabled.
sudo iptables -L
All the banned IP addresses will appear in the chain of the jail in which the failed login attempts occurred. Using the following commands, we can also manually ban and unban IP addresses for the services defined by jails.
sudo fail2ban-client set <jail> banip/unbanip <ip address>
sudo fail2ban-client set sshd unbanip 188.8.131.52
In short, today we discussed how our Support Techs help our customers to install fail2ban on CentOS.