In this guide you'll learn how to install fail2ban on CentOS 7, and why fail2ban is a must for your SSH server.
Even if your server is private and you are the only one who uses it, that doesn't mean you will never be a target of bad guys.
How does fail2ban work?
Fail2ban is a service that tracks the actions of IPs that try to access your server and bans the ones that keep failing to log in; in short, fail2ban will keep bad guys away from your server.
Before we get started, make sure your system is up to date.
Step 1 - Update your system
sudo yum update
Step 2 - Install epel release
In order to install fail2ban, you need to have the EPEL release (Extra Packages for Enterprise Linux) installed on your system, as fail2ban is not included in the CentOS package repository.
sudo yum install epel-release
Step 3 - Install Fail2ban
sudo yum install fail2ban
Step 4 - Creating local config file
After installing fail2ban, you need to create a new local config file that fail2ban will use as its main config file. By default, fail2ban stores its configuration in "/etc/fail2ban/jail.conf", but we don't want to touch that file, as it can be overwritten by package updates when you update the system.
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
New config file will be located at
Step 5 - Configuring jail.local file
sudo nano /etc/fail2ban/jail.local
Copy and paste the config below to your jail.local file
-----
[sshd]
enabled = true
ignoreip = 127.0.0.1/8
bantime = 3600
port = ssh
logpath = %(sshd_log)s
maxretry = 3
-----
- ignoreip = Fail2ban will ignore the IPs you put here; you're telling fail2ban not to ban your IP if you enter a wrong password x time(s)
- bantime = How long you want to keep IPs banned
- logpath = This option allows you to define the log path where fail2ban will store its logs
- maxretry = Number of failures before the IP address gets banned
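To see how maxretry, ignoreip and bantime interact, here is an added example (not part of the original guide and not fail2ban's own code) that replays constructed sshd log lines through a simplified version of the jail's counting logic. The regex, the sample lines and the 600-second findtime window are assumptions; findtime is not set in the config above.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Values from the [sshd] jail on this page.
MAXRETRY = 3
BANTIME = timedelta(seconds=3600)
IGNOREIP = [ipaddress.ip_network("127.0.0.1/8", strict=False)]
# Assumption: findtime is not set on this page; 600 s is fail2ban's stock default.
FINDTIME = timedelta(seconds=600)

# Simplified pattern (assumption); fail2ban's own sshd filter matches far more messages.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

# Constructed log lines using documentation-only addresses.
SAMPLE_LOG = """\
Mar  4 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 50112 ssh2
Mar  4 10:00:03 web1 sshd[2102]: Failed password for admin from 127.0.0.1 port 40000 ssh2
Mar  4 10:00:04 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 50113 ssh2
Mar  4 10:00:05 web1 sshd[2104]: Failed password for admin from 127.0.0.1 port 40001 ssh2
Mar  4 10:00:06 web1 sshd[2105]: Failed password for admin from 127.0.0.1 port 40002 ssh2
Mar  4 10:00:09 web1 sshd[2106]: Failed password for root from 203.0.113.7 port 50114 ssh2
Mar  4 10:00:10 web1 sshd[2107]: Failed password for root from 198.51.100.20 port 51000 ssh2
Mar  4 10:09:00 web1 sshd[2108]: Failed password for root from 198.51.100.20 port 51002 ssh2
Mar  4 10:15:00 web1 sshd[2109]: Failed password for root from 198.51.100.20 port 51003 ssh2
"""

def simulate(log_text, year=2024):
    """Return {ip: (banned_at, unbanned_at)}; syslog lines carry no year, so one is supplied."""
    failures = defaultdict(list)  # ip -> failure times still inside FINDTIME
    bans = {}
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue
        ip = m["ip"]
        if any(ipaddress.ip_address(ip) in net for net in IGNOREIP):
            continue  # ignoreip: never counted, never banned
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ip in bans and ts < bans[ip][1]:
            continue  # ban still active, the firewall would drop this host
        failures[ip] = [t for t in failures[ip] if ts - t <= FINDTIME] + [ts]
        if len(failures[ip]) >= MAXRETRY:
            bans[ip] = (ts, ts + BANTIME)
            failures[ip] = []
    return bans
```

Calling simulate(SAMPLE_LOG) bans only 203.0.113.7: the three 127.0.0.1 failures are skipped by ignoreip, and the failures from 198.51.100.20 are spread too far apart to reach maxretry inside the assumed window.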
Step 6 - Setting up startup
systemctl enable fail2ban
systemctl start fail2ban
Check fail2ban logs
tail -f /var/log/secure
Fail2ban useful commands
systemctl start fail2ban
systemctl stop fail2ban
systemctl restart fail2ban
Check fail2ban status
systemctl status fail2ban