How to Install Fail2Ban on CentOS/RHEL 7/6

    RahulBy 2 Mins ReadUpdated:

    Fail2ban is a very useful application for you if you are managing the security of the server, or you are running your own VPS or physical server. Fail2ban scan log files created on the system and has the ability to ban IPs which found malicious based on configuration rules. We can use it for monitoring various system services logs like Apache, SSH and blog the IPs which are trying to breach the system’s security.

    fail2ban-medium

    Step 1 – Install Fail2ban on CentOS

    First of all, enable epel-release yum repository on your CentSO system. Then install the Fail2ban rpm package using the following commands.

    sudo yum install epel-release
sudo yum install fail2ban

    Step 2 – Fail2ban Default Configuration

    Fail2ban provides its own security configuration file /etc/fail2ban/jail.conf, but we need to create a copy of this file as jail.local.

    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo vi /etc/fail2ban/jail.local

    Now we need to make necessary changes in jail.local file to create ban rules. Edit this file in your favorite editor and make changes in [DEFAULT] section.

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    [DEFAULT]
     
    # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will use as always allowed,
    # so add your system ip to protect your ip from banned.
    ignoreip = 127.0.0.1/8 192.168.1.0/24 11.22.33.44
     
    # "bantime" is the total number of seconds that a host is banned (3600sec = 1 Hour ).
    bantime  = 3600
     
    # A host is banned if it has generated "maxretry" during the last "findtime" seconds. as per below
    # settings, 2 minutes
    findtime  = 120
     
    # "maxretry" is the number of failures before a host get banned.
    maxretry = 3

    Step 3 – Protect SSH/SFTP

    After completing default configuration, go down in the same file jail.local and update [ssh-iptables] section as below.

    enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=22, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, [email protected], sendername="Fail2Ban"]
logpath  = /var/log/secure
maxretry = 3

    Step 4 – Protect FTP

    Let’s protect your FTP (vsFTPd) server, Find the below entry of [vsftpd-iptables] section and make changes as below. If you are not using vsFTPd, you can skip this section.

    [vsftpd-iptables]

enabled  = true
filter   = vsftpd
action   = iptables[name=VSFTPD, port=21, protocol=tcp]
           sendmail-whois[name=VSFTPD, [email protected]]
logpath  = /var/log/vsftpd.log
maxretry = 5
bantime  = 1800

    Step 4 – Restart Fail2ban Service

    After making all the changes save your file and restart Fail2ban service using the following command.

    sudo service fail2ban restart
    Share.

    Related Posts

    Leave A Reply