between 0 and 1

Install Fail2Ban On CentOS 7

devxpert.yoon 2021. 2. 11. 08:40

Fail2ban is open-source software that scans the server's log files in real time for brute-force login attempts and, when it finds them, blocks the source using the server's firewall software (firewalld or iptables). Fail2Ban runs as a background process and continuously scans the log files for unusual login patterns and security breach attempts.

 

 

Installation

$ yum install epel-release
$ yum install fail2ban fail2ban-systemd

 

Configuration

Step 1. Copy the configuration file.

$ cp -pf /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

 

Step 2. Edit the jail.local file.

$ vim /etc/fail2ban/jail.local

Contents of the jail.local file:

[DEFAULT]

ignoreip = 127.0.0.1

# Ban hosts for 10 minutes (600 seconds):
bantime = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
#           sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
logpath  = /var/log/secure
maxretry = 5
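
To see what these values mean in practice, the following added example (not part of the original post and not fail2ban's own code) replays constructed /var/log/secure lines through a simplified model of the maxretry / findtime / bantime / ignoreip logic. The regular expression is a one-pattern stand-in for the sshd filter, and the log lines, host name and addresses are made up for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the jail.local above (all times are in seconds).
MAXRETRY, FINDTIME, BANTIME = 5, 600, 600
IGNOREIP = {"127.0.0.1"}

# Assumption: a one-pattern stand-in for the sshd filter, which matches many more messages.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+"
)

def simulate(lines, year=2021):
    """Return (ip, banned_at, unbanned_at) for each ban the settings would trigger."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m or m.group(2) in IGNOREIP:
            continue
        ip = m.group(2)
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            until = when + timedelta(seconds=BANTIME)
            bans.append((ip, f"{when:%H:%M:%S}", f"{until:%H:%M:%S}"))
            window.clear()
    return bans

def _line(clock, ip):
    # Constructed sample line in /var/log/secure style; host, PID and port are made up.
    return f"Feb 11 {clock} host sshd[4321]: Failed password for root from {ip} port 50022 ssh2"

SAMPLE = (
    # five failures in 19 seconds -> banned
    [_line(t, "203.0.113.7") for t in ("08:40:01", "08:40:05", "08:40:09", "08:40:14", "08:40:20")]
    # five failures, but never five inside one 600-second window -> not banned
    + [_line(t, "198.51.100.23") for t in ("08:41:00", "08:44:00", "08:47:00", "08:50:00", "08:52:00")]
    # six failures from an ignoreip address -> never banned
    + [_line(f"08:55:0{i}", "127.0.0.1") for i in range(6)]
)

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"{ip} banned {start}, unbanned {end}")
```

With bantime = 600 the ban is lifted 600 seconds after it starts, so raise bantime if a longer block is wanted.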

 

 

Run Fail2Ban Services

1. firewalld

$ systemctl enable firewalld
$ systemctl start firewalld

2. fail2ban

$ systemctl enable fail2ban
$ systemctl start fail2ban

 

 

Fail2Ban Status

$ fail2ban-client status

 

 

Unbanning An IP Address

$ fail2ban-client set sshd unbanip IPADDRESS