Fail2ban is a popular security application that protects your system from brute force and bot attacks. It automatically analyzes and blocks malicious traffic and even blacklists suspicious IP addresses for you. In this article, we will look at how to install Fail2ban in CentOS 7.
How to Install Fail2ban in CentOS 7
Here are the steps to install Fail2ban in CentOS 7.
1. Install Fail2ban in CentOS 7
Switch to root user or a user with root privileges to run the following commands. Open terminal and install EPEL repository for Fail2ban since it is not directly available in CentOS.
$ sudo yum install epel-release
Install Fail2ban with the following command.
$ sudo yum install fail2ban fail2ban-systemd
2. Run Fail2ban
Run the following commands to enable Fail2ban to autostart during system boot, as well as start right now.
$ systemctl enable fail2ban $ systemctl start fail2ban
3. Copy configuration file
By default, Fail2ban provides a configuration file at /etc/fail2ban/jail.conf. Create a copy of it to make changes since the original one might be modified during updates. We will call it jail.local so that Fail2ban can automatically find it.
$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
If you open the file, you will find many popular services are already configured in it, but turned off.
4. Customize Configuration
Open fail2ban configuration file.
$ sudo vi /etc/fail2ban/jail.local
Here is the default section that contains default configuration.
[DEFAULT] # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not # ban a host which matches an address in this list. Several addresses can be # defined using space separator. ignoreip = 127.0.0.1 # Override /etc/fail2ban/jail.d/00-firewalld.conf: banaction = iptables-multiport # "bantime" is the number of seconds that a host is banned. bantime = 600 # A host is banned if it has generated "maxretry" during the last "findtime" # seconds. findtime = 600 # "maxretry" is the number of failures before a host get banned. maxretry = 5
Use your IP address in ignoreip section to whitelist it. You can enter multiple IP addresses here separated by spaces. Fail2ban uses different parameters such as bantime, findtime, and maxretry to control its security mechanisms. You can change them as per your convenience. Their meaning and function is explained as comments above.
You can also add other services in this file, as separate sections. Here is an example to configure SSH protection.
[sshd] enabled = true port = ssh action = iptables-multiport logpath = /var/log/secure maxretry = 5 bantime = 600
In the above code, we use [..] to identify the set of rules e.g. [sshd]. enabled parameter is used to turn on/off protection for a particular port using true/false values respectively. This port is specified using port parameter. action describes the action to be taken for malicious traffic. Each action is a file name in action.d directory. ‘iptables-multiport’ is the default ban action. logpath refers to the location of log file for this service. maxretry and bantime sets the number of retries allowed and amount of time to be banned for this service.
5. Restart Fail2ban
Restart Fail2ban to apply changes.
$ sudo systemctl restart fail2ban
You can check the fail2ban status with the following command.
$ sudo fail2ban-client status
You can check fail2ban status for a particular service by using its name from configuration file.
$ sudo fail2ban-client status sshd
If you want to unban IP address that was banned by Fail2ban use the following command
$ sudo fail2ban-client set JAIL unbanip IPADDRESS
For example, here is the command to unban IP address banned using sshd configuration rules.
$ sudo fail2ban-client set sshd unbanip 188.8.131.52
That’s it. In this article, we have looked at the steps to install Fail2ban in CentOS 7. You can use these steps for other CentOS versions and RedHat Linux also.
How to Copy File to Multiple Directories
Shell Script to Loop Through Files in Directory
How to Loop Over Lines of File in Bash
Shell Script to Tar Multiple Files & Folders
How to Check if Directory Exists in Shell Script