/ Tutorials

Secure your SSH Server with Fail2ban

In this guide you'll learn how to install fail2ban on CentOS 7, and why fail2ban it's a must for your SSH server.

No matter if your server is private and it's only you who uses it, that doesn't mean you will never be target of bad guys.

How does fail2ban work?
Fail2ban is a service that will log actions of IPs that will try to access your server, in short fail2ban will keep bad guys away from your server.

Before we get started, make sure your system is up to date

Step 1 - Update your system

sudo yum update

Step 2 - Install epel release

In order to install fail2ban, you need to have epel release (Extra packages for Enterprise Linux) installed on your system, as fail2ban it's not included on CentOS package repository.

sudo yum install epel-release

Step 3 - Install Fail2ban

sudo yum install fail2ban

Step 4 - Creating local config file

After installing fail2ban, you need to create a new local config file that will be used by fail2ban as the main config file. Fail2ban stores all configs by default on "/etc/fail2ban/jail.conf" but we dont want to touch that file as it can be overwritten by other packages when you update the system.

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

New config file will be located at /etc/fail2ban/jail.local

Step 5 - Configuring jail.local file

sudo nano /etc/fail2ban/jail.local

-----

Copy and paste the config below to your jail.local file

[sshd]
enabled = true
ignoreip = 127.0.0.1/8
bantime = 3600
port = ssh
logpath = /var/log/secure
maxretry = 3

-----

  • Ignoreip = Fail2ban will ignore IPs you put here, you're telling to fail2ban do not ban my Ip if i set wrong password x time(s)
  • bantime = How long you want to keep IPs banned
  • logpath = This option allows you to define the logpath where the fail2ban will store its logs
  • maxretry = Number of failures before the ip address gets banned

Step 6 - Setting up startup

systemctl enable fail2ban
systemctl start fail2ban

Check fail2ban logs

tail -f /var/log/secure

Fail2ban useful commands

Start fail2ban
systemctl start fail2ban

Stop fail2ban
systemctl stop fail2ban

Restart fail2ban
systemctl restart fail2ban

Check fail2ban status
systemctl status fail2ban

Secure your SSH Server with Fail2ban
Share this

Recent Posts

How to Stress Test your Web/App In this tutorial you'll learn how to stress test.. How to Hide Nginx Version Hiding nginx version from showing on error pages/h.. How to Install git on Linux and Windows In this tutorial you'll learn how to install git o..