
    How to Install Fail2Ban on CentOS/RHEL 7/6

    By Rahul | October 19, 2019

    Fail2ban is a very useful application if you manage the security of a server, or run your own VPS or physical server. Fail2ban scans log files created on the system and can ban IPs found to be malicious based on configuration rules. We can use it to monitor the logs of various system services, such as Apache and SSH, and block the IPs that are trying to breach the system’s security.


    Step 1 – Install Fail2ban on CentOS

    First of all, enable the epel-release yum repository on your CentOS system. Then install the Fail2ban rpm package using the following commands.

    sudo yum install epel-release
    sudo yum install fail2ban
    

    Step 2 – Fail2ban Default Configuration

    Fail2ban provides its own security configuration file /etc/fail2ban/jail.conf, but we need to create a copy of this file as jail.local.

    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
    sudo vi /etc/fail2ban/jail.local 
    

    Now we need to make the necessary changes in the jail.local file to create ban rules. Edit this file in your favorite editor and make the changes in the [DEFAULT] section.

    [DEFAULT]
     
    # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban never bans
    # these addresses, so add your own IP here to keep it from being banned.
    ignoreip = 127.0.0.1/8 192.168.1.0/24 11.22.33.44
     
    # "bantime" is the number of seconds that a host is banned (3600 sec = 1 hour).
    bantime  = 3600
     
    # A host is banned if it generates "maxretry" failures during the last "findtime"
    # seconds. With the settings below, that window is 2 minutes.
    findtime  = 120
     
    # "maxretry" is the number of failures before a host gets banned.
    maxretry = 3
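
To see how ignoreip, findtime and maxretry interact, the following added example (not Fail2ban's own code and not part of the original tutorial) models the ban decision over constructed /var/log/secure lines. The regex is a simplified stand-in for the sshd filter, and the host name, user names and addresses in the sample are made up.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Values taken from the [DEFAULT] section above.
IGNOREIP = ["127.0.0.1/8", "192.168.1.0/24", "11.22.33.44"]
FINDTIME = 120  # seconds
MAXRETRY = 3

# Simplified pattern (assumption); Fail2ban's real sshd filter has many more rules.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

# Constructed sample in /var/log/secure format; host and addresses are made up.
SAMPLE_LOG = """\
Oct 19 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 19 10:00:20 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Oct 19 10:00:45 web1 sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40131 ssh2
Oct 19 10:01:00 web1 sshd[2107]: Failed password for root from 198.51.100.23 port 51822 ssh2
Oct 19 10:01:05 web1 sshd[2109]: Failed password for deploy from 192.168.1.50 port 60001 ssh2
Oct 19 10:01:09 web1 sshd[2111]: Failed password for deploy from 192.168.1.50 port 60002 ssh2
Oct 19 10:01:14 web1 sshd[2113]: Failed password for deploy from 192.168.1.50 port 60003 ssh2
Oct 19 10:01:20 web1 sshd[2115]: Accepted password for deploy from 192.168.1.50 port 60004 ssh2
Oct 19 10:03:30 web1 sshd[2120]: Failed password for root from 198.51.100.23 port 51840 ssh2
Oct 19 10:06:00 web1 sshd[2131]: Failed password for root from 198.51.100.23 port 51861 ssh2
"""

def is_ignored(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in IGNOREIP)

def hosts_to_ban(log_text, year=2019):  # syslog timestamps carry no year
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or is_ignored(m.group(2)):
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # drop failures older than findtime
        if len(window) >= MAXRETRY and m.group(2) not in banned:
            banned.append(m.group(2))
    return banned

print(hosts_to_ban(SAMPLE_LOG))
```

Only 203.0.113.7 is reported: 198.51.100.23 never has three failures inside one 120-second window, and 192.168.1.50 is covered by ignoreip.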

    Step 3 – Protect SSH/SFTP

    After completing the default configuration, scroll down in the same jail.local file and update the [ssh-iptables] section as below.

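    [ssh-iptables]

    enabled  = true
    filter   = sshd
    # fail2ban@example.com is a placeholder sender address; replace it with your own.
    action   = iptables[name=SSH, port=22, protocol=tcp]
               sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com, sendername="Fail2Ban"]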
    logpath  = /var/log/secure
    maxretry = 3
    

    Step 4 – Protect FTP

    Let’s protect your FTP (vsFTPd) server. Find the [vsftpd-iptables] section and change it as shown below. If you are not using vsFTPd, you can skip this section.

    [vsftpd-iptables]
    
    enabled  = true
    filter   = vsftpd
    # you@example.com is a placeholder recipient address; replace it with your own.
    action   = iptables[name=VSFTPD, port=21, protocol=tcp]
               sendmail-whois[name=VSFTPD, dest=you@example.com]
    logpath  = /var/log/vsftpd.log
    maxretry = 5
    bantime  = 1800
    

    Step 5 – Restart Fail2ban Service

    After making all the changes, save your file and restart the Fail2ban service using the following command.

    sudo service fail2ban restart
    
