Installing Fail2Ban on CentOS 7

Fail2Ban is an important utility on the modern Internet for stopping “port probe” and other repeat intrusion/login attempts on your Internet services. The following describes how to install and initially configure it to monitor & block repeated login failures on the SSH service.

It isn’t in the standard CentOS 7 Repositories, but is easily installed and configured with the following commands and settings done as the root user:

a) The Fail2Ban package is in the EPEL repository, which is activated by installing the epel-release package with the command:

yum install epel-release

b) Once the step above has made the EPEL repository available, Fail2Ban is installed with:

yum install fail2ban
(type ‘y’ to confirm the EPEL Key etc)

c) Fail2Ban is set to start at boot with the command:

systemctl enable fail2ban

A quick SSH-based default config for fail2ban is achieved by placing the following lines in the newly created file /etc/fail2ban/jail.local:

[DEFAULT]
# Ban hosts for one hour:
bantime = 3600

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true

The above configures Fail2Ban to ban repeat offenders for 1 hour, and to use the iptables firewall to block them on the SSH port (22).

After loading the above to the jail.local file, restart the fail2ban service with:

systemctl restart fail2ban

You can check on fail2ban’s operations with the command:

fail2ban-client status
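
The status check above can be narrowed to the sshd jail. The script below is an added example, not part of the original post: it confirms the jail is running with the one-hour bantime from jail.local and lists the addresses it has banned. The function names and the sample status text are constructed for illustration; on a host with Fail2Ban installed (run as root) the live fail2ban-client output is used instead.

```shell
#!/bin/sh
# Added example: confirm the sshd jail from jail.local is live, list its bans.
JAIL=sshd
WANT_BANTIME=3600   # bantime set in jail.local

# Constructed sample of `fail2ban-client status sshd` output, used only when
# fail2ban-client is absent (addresses are from documentation ranges).
SAMPLE_STATUS='Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     12
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 2
   |- Total banned:     3
   `- Banned IP list:   192.0.2.10 198.51.100.7'

# jail_field LABEL: read status text on stdin, print the value after "LABEL:".
jail_field() {
    sed -n "s/^.*$1:[[:space:]]*//p" | head -n 1
}

# banned_ips: read status text on stdin, print one banned address per line
# (prints nothing when the list is empty).
banned_ips() {
    jail_field 'Banned IP list' | tr -s ' \t' '\n' | sed '/^$/d'
}

# bantime_ok ACTUAL: succeed only if the running jail uses the configured bantime.
bantime_ok() {
    [ "$1" = "$WANT_BANTIME" ]
}

if command -v fail2ban-client >/dev/null 2>&1; then
    status=$(fail2ban-client status "$JAIL" 2>&1) || echo "jail $JAIL is not loaded" >&2
    bantime=$(fail2ban-client get "$JAIL" bantime 2>/dev/null) || bantime=unknown
else
    status=$SAMPLE_STATUS
    bantime=3600    # constructed value matching the sample
fi

bantime_ok "$bantime" || echo "WARNING: bantime is $bantime, expected $WANT_BANTIME" >&2
echo "Currently banned: $(printf '%s\n' "$status" | jail_field 'Currently banned')"
printf '%s\n' "$status" | banned_ips
```

A bantime warning here usually means jail.local was edited without restarting the service.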

FYI,
Richard.
