HostSEO Blog

Stories and News from IT Industry, Reviews & Tips | Technology Blog


How to install Fail2Ban on CentOS 7

Fail2ban scans log files and bans IPs that show the malicious signs — too many password failures, seeking for exploits, etc.

The commands are executed with root privilege.

Update the software packages in the system using the command

#yum update -y

Now install fail2ban in the server running the below command,

#yum install fail2ban fail2ban-systemd

Update the selinux policy by

#yum update -y selinux-policy*

After the installation,we have to configure and customize the software with a jail.local configuration file,so even though the default jail.conf modified by package upgrades our changes will be safe.All default options will be taken from the jail.conf file and all the thing which you wish to override will be taken from jail.local file.

#cp -pf /etc/fail2ban/jail.conf  /etc/fail2ban/jail.local

Open the jail.local using vim editorand you can set limit to prevent a ban on one or many IP addresses, set bantime duration, etc. Example is given below.

#vim /etc/fail2ban/jail.local
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
Maxretry = 5

We are gonna add a jail file to protect SSH.

Create a file /etc/fail2ban/jail.d/sshd.local using vim and addthe following lines to the file.

#vim /etc/fail2ban/jail.d/sshd.local
[sshd]
enabled = true
port = ssh
#action = firewallcmd-ipset
logpath = %(sshd_log)s
maxretry = 5
bantime = 7200

Now enable and start the fail2ban by executing below commands,

#systemctl enable fail2ban
#systemctl start fail2ban 

To track the failed login attempts,use the given command,

#cat /var/log/secure | grep 'Failed password'

And we will get an output like this:

Apr 19 13:08:48 server sshd[21017]: Failed password for root from 10.0.0.110 port 53188 ssh2
Apr 19 13:08:55 server sshd[21017]: Failed password for root from 10.0.0.110 port 53188 ssh2
Apr 19 13:08:59 server sshd[21017]: Failed password for root from 10.0.0.110 port 53188 ssh2

Command to check the status of the Fail2Ban jails and th output iwill be similar as,

# fail2ban-client status
Status
|- Number of jail:	1
`- Jail list:	sshd

We can remove the ban of the ip address using the command

#fail2ban-client set sshd unbanip ‘IPADDRESS’

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Archive Calendar

SatSunMonTueWedThuFri
 1
2345678
9101112131415
16171819202122
23242526272829
30 

Born in 2004 ... Trusted By Clients n' Experts

SEO Stars

They never made me feel silly for asking questions. Help me understand how to attract more people and improve my search engine ranking.

Read More

Emily Schneller Manager at Sabre Inc
SEO Stars

Took advantage of Hostseo's superb tech support and I must say, it is a very perfect one. It is very fast, servers reliability is incredible.

Read More

Leena Mäkinen Creative producer
SEO Stars

We're operating a worldwide network of servers with high quality standards requirements, we’ve choose hostseo to be our perfect partner.

Read More

Ziff Davis CEO at Mashable
SEO Stars

It’s very comfortable to know I can rely about all technical issues on Hostseo and mostly that my website and emails are safe and secured here.

Read More

Isaac H. Entrepreneur
SEO Stars

With hostseo as a hosting partner we are more flexible and save money due to the better packages with great pricing, free SEO n' free SSL too!

Read More

Madeline E. Internet Professional