Installing Fail2ban on CentOS

In this article, we will show you how to install fail2ban on your CentOS VPS. Fail2ban is free, open source software developed in Python. It is a very useful tool for stopping endless brute force attacks on your services and preventing intrusions into your system. Fail2ban scans log files on the server for repeated password failures and bans the offending IP addresses.

Fail2ban is not available by default on CentOS, so first we need to enable the third party EPEL repository.

CentOS 6 32 bit:

rpm -Uvh http://mirror.pnl.gov/epel//6/i386/epel-release-6-8.noarch.rpm

CentOS 6 64 bit:

rpm -Uvh http://mirror.us.leaseweb.net/epel/6/x86_64/epel-release-6-8.noarch.rpm

You can verify that the EPEL repository is enabled by running:

# yum repolist
Repository base is listed more than once in the configuration
repo id                                   repo name                                                              status
base                                      CentOS 6 - i686 - Base                                                 4,787+15
epel                                      Extra Packages for Enterprise Linux 6 - i386                              7,959
extras                                    CentOS-6 - Extras                                                            12
updates                                   CentOS-6 - Updates                                                       844+50
updates-released                          CentOS 6 - i686 - Released Updates                                       844+50
repolist: 14,446

Install fail2ban using the standard way to install rpm packages:

yum install fail2ban

Set fail2ban to start automatically on boot:

chkconfig --add fail2ban
chkconfig fail2ban on

The installation is now complete. Next, configure Fail2ban according to your needs by editing the default configuration file 'jail.conf', located in the '/etc/fail2ban' directory on your server. In this file you can set which services you want to monitor, the number of unsuccessful login attempts before an IP address is banned, how long an IP address stays banned, etc.

Open /etc/fail2ban/jail.conf and add your own IP and all your trusted IPs to ignoreip. Each IP / network is separated by a space. For example:

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1 1.2.3.4 122.122.122.0/24

The next thing you will notice is bantime. This number is how long, in seconds, the IP address will be blocked by the server. The default is 600 seconds, and you can increase or decrease this number according to your needs.

maxretry is the number of unsuccessful login attempts before fail2ban bans the IP address.

findtime is the time frame in which the failed attempts are counted. This means that if a host reaches maxretry failed logins to one of your services within this time frame, it will be banned. The default findtime is 600 seconds.
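To see how ignoreip, maxretry, findtime and bantime interact, here is a simplified model of the counting logic. It is an added example, not Fail2ban's own code: the log lines are constructed, maxretry = 3 is an assumed value, and the function name and regex are illustrative.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Option names as in jail.conf; maxretry = 3 is an assumed value.
IGNOREIP = "127.0.0.1 1.2.3.4 122.122.122.0/24"
MAXRETRY, FINDTIME, BANTIME = 3, 600, 600

# Constructed sample lines in sshd syslog style (documentation addresses).
SAMPLE_LOG = """\
Jan 15 10:00:00 vps sshd[101]: Failed password for root from 203.0.113.5 port 4000 ssh2
Jan 15 10:02:00 vps sshd[102]: Failed password for root from 203.0.113.5 port 4001 ssh2
Jan 15 10:03:00 vps sshd[103]: Failed password for admin from 122.122.122.9 port 4002 ssh2
Jan 15 10:03:10 vps sshd[104]: Failed password for admin from 122.122.122.9 port 4003 ssh2
Jan 15 10:03:20 vps sshd[105]: Failed password for admin from 122.122.122.9 port 4004 ssh2
Jan 15 10:04:00 vps sshd[106]: Failed password for root from 203.0.113.5 port 4005 ssh2
Jan 15 10:05:00 vps sshd[107]: Failed password for bob from 198.51.100.7 port 4006 ssh2
Jan 15 10:20:00 vps sshd[108]: Failed password for bob from 198.51.100.7 port 4007 ssh2
Jan 15 10:40:00 vps sshd[109]: Failed password for bob from 198.51.100.7 port 4008 ssh2
"""

FAILURE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def simulate(log=SAMPLE_LOG, year=2024):
    """Return {ip: (ban_start, ban_end)} for hosts the settings above would ban."""
    ignored = [ipaddress.ip_network(n, strict=False) for n in IGNOREIP.split()]
    failures = defaultdict(deque)      # ip -> failure times inside the findtime window
    bans = {}
    for line in log.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in ignored):
            continue                   # ignoreip: never counted, never banned
        if ip in bans and ts < bans[ip][1]:
            continue                   # still inside bantime
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()           # forget failures older than findtime
        if len(window) >= MAXRETRY:    # maxretry reached within findtime: ban
            bans[ip] = (ts, ts + timedelta(seconds=BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    print(simulate())
```

In the sample, 203.0.113.5 is banned after three failures in four minutes, 122.122.122.9 is skipped because it falls inside the ignoreip network, and 198.51.100.7 is never banned because its three failures are spread over more than findtime.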

This file also contains default sections with general rules about some of the services that can be controlled.

After you have made the necessary changes in the jail.conf file, you need to restart fail2ban:

service fail2ban restart

You can check the iptables rules added by Fail2ban by running:

iptables -L
