How To Install Fail2Ban on Centos 7 & Protect SSH


Linux servers are accessed over SSH, which uses port 22, for administration purposes.

Because it is a well-known port, it can be vulnerable to brute-force attacks. Fail2Ban helps keep these attackers from getting into the server.

Fail2ban scans log files and bans IPs that show suspicious behaviour such as too many password failures. It also reduces the rate of incorrect authentication attempts.

Features in Fail2ban

  • Client/server
  • Multi-threaded
  • Gamin support
  • Database support
  • Python-based actions
  • Autodetection of date/time format
  • Wildcard support in the logpath option
  • Support for a lot of services and actions

Install Fail2ban on Centos 7

EPEL Repository needs to be installed and enabled for Fail2Ban installation.

Step 1: Install EPEL Repository
yum install epel-release

Step 2: Install Fail2ban
yum update && yum install fail2ban fail2ban-systemd

Step 3: Update the SELinux Policies if installed
yum update -y selinux-policy*

Configure Fail2Ban

Step 4: After a successful installation, we have to configure it to start blocking the attacks
cp -p /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Step 5: Edit the jail.local file and search for the section [DEFAULT]
vi /etc/fail2ban/jail.local

  • ignoreip: IP addresses listed in this field are ignored and not checked
  • bantime: Specified in seconds; how long the IP address or host is banned
  • maxretry: Number of failures before the host is banned
  • findtime: If a host exceeds the maxretry setting within the time period specified by findtime, it is banned for the time specified by bantime

Step 6: Create a jail file and add the parameters below
vi /etc/fail2ban/jail.d/sshd.local

[sshd]
enabled = true
port = ssh
#action = firewallcmd-ipset
logpath = %(sshd_log)s
maxretry = 5
bantime = 86400

Step 7: Running Fail2Ban service
systemctl enable firewalld && systemctl start firewalld

Step 8: Start Fail2Ban service
systemctl enable fail2ban && systemctl start fail2ban

Step 9: Check Fail2Ban status
$ fail2ban-client status
Status
Number of jail: 1
Jail list: sshd
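
How ignoreip, maxretry, findtime and bantime from Steps 5 and 6 interact, as an added example that is not part of the original post and not Fail2ban's own code. It is a simplified model run over constructed log lines; the findtime and ignoreip values, the host name and the IP addresses are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 5        # from the [sshd] jail in Step 6
BANTIME = 86400     # seconds, from the [sshd] jail in Step 6
FINDTIME = 600      # seconds; assumed value, not set on this page
IGNOREIP = ["127.0.0.1/8", "192.0.2.10"]  # assumed: loopback plus one admin host

FAIL_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def is_ignored(ip):
    """True if ip falls inside any ignoreip entry (single address or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in IGNOREIP)

def simulate(lines, year=2024):
    """Return {ip: (ban_start, ban_end)} for hosts reaching MAXRETRY within FINDTIME."""
    failures, bans = defaultdict(deque), {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so a constructed one is supplied
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if is_ignored(ip) or (ip in bans and ts < bans[ip][1]):
            continue  # trusted host, or already banned
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # drop failures older than findtime
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + timedelta(seconds=BANTIME))
            window.clear()
    return bans

def sample_log():
    """Constructed /var/log/secure lines using documentation IP ranges."""
    fmt = "Mar 13 10:{:02d}:{:02d} web01 sshd[2211]: Failed password for root from {} port 50022 ssh2"
    fast = [fmt.format(0, 5 * i, "203.0.113.7") for i in range(5)]    # 5 failures in 20 s
    slow = [fmt.format(5 * i, 0, "198.51.100.23") for i in range(5)]  # 5 failures in 20 min
    admin = [fmt.format(1, i, "192.0.2.10") for i in range(6)]        # listed in ignoreip
    return sorted(fast + slow + admin)

if __name__ == "__main__":
    for ip, (start, end) in simulate(sample_log()).items():
        print(f"ban {ip} from {start} until {end}")
```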

Unbanning IP Address on Fail2Ban

To remove a banned IP address, use the command below:
fail2ban-client set sshd unbanip $ip_address