This article will guide you how to install Fail2Ban on CentOS so that you can protect your server from Brute force attacks, previously we have discuss about some basic configs for CentOS. But sometimes that is not enough as brute force attacks may occur occasionally.
Fail2ban scan log files for selected entries then bans IPs that show the malicious signs like too many password failures, seeking for exploits, etc. using firewall.
Login to your server as a root user.
Note: Fail2ban is not available by default in CentOS,so you have to firstly add EPEL repo to install directly it via yum.
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-1.noarch.rpm
Now install it using YUM:
yum install fail2ban –y
Once Fail2ban is installed on your VPS, next you have to do some basic Fail2Ban configuration.
The default Fail2Ban configuration file is /etc/fail2ban/jail.conf, however it is not recommended to modify it directly.
Firstly make a local copy of default configuration file.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now edit jail.local file you copied by using your favorite editor like Nano.
Pay attention to the global options in [DEFAULT] section.It covers the basic rules that Fail2Ban will follow.
Scroll down the page for all available configurations. You can edit as suits your need including: ignoreip, bantime, findtime, and maxretry. You can read what each line means in the explanation available there.
If you wish to tweak the existing filters or add new filters, you can find them in the/etc/fail2ban/filter.d directory.
Tweaking Fail2Ban Filters
If you want to tweak the existing filters or add new filters, you can find them in the/etc/fail2ban/filter.d directory.
For example, to modify Fail2Ban filter for OpenSSH, edit the following file:
Now restart Fail2ban so the new configuration can take effect.
systemctl restart fail2ban.service
Service fail2ban restart
To test Fail2Ban and to see the rules that Fail2Ban puts in effect, look at iptables:
Manually un-ban the IP from Fail2Ban:
Use the flowing command to manually unban IP address, banned by Fail2Ban:
fail2ban-client set JAIL unbanip IP
That’s it. Enjoy..