In this article, we will show you how to install fail2ban on your CentOS VPS. Fail2ban is free, open source software developed in Python. It is a very useful tool for stopping endless brute force attacks on your services and preventing intrusions into your system. Fail2ban scans log files on the server for repeated password failures and bans the IP addresses they come from.
Fail2ban is not available by default on CentOS, so first we need to enable the third party EPEL repository.
CentOS 6 32 bit:
rpm -Uvh http://mirror.pnl.gov/epel//6/i386/epel-release-6-8.noarch.rpm
CentOS 6 64 bit:
rpm -Uvh http://mirror.us.leaseweb.net/epel/6/x86_64/epel-release-6-8.noarch.rpm
You can verify that the EPEL repository is enabled by running:
# yum repolist
Repository base is listed more than once in the configuration
repo id            repo name                                      status
base               CentOS 6 - i686 - Base                         4,787+15
epel               Extra Packages for Enterprise Linux 6 - i386   7,959
extras             CentOS-6 - Extras                              12
updates            CentOS-6 - Updates                             844+50
updates-released   CentOS 6 - i686 - Released Updates             844+50
repolist: 14,446
Install fail2ban using the standard way to install rpm packages:
yum install fail2ban
Set fail2ban to start automatically on boot:
chkconfig --add fail2ban
chkconfig fail2ban on
This completes the installation. Now you need to configure fail2ban according to your needs by editing the default configuration file 'jail.conf', located in the '/etc/fail2ban' directory on your server. In this file you can set which services you want to monitor, the number of unsuccessful login attempts before an IP address is banned, how long the IP address stays banned, and so on.
Open /etc/fail2ban/jail.conf and add your own IP and all your trusted IPs to ignoreip. Each IP or network is separated by a space. For example:
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1 184.108.40.206 220.127.116.11/24
The next setting you will notice is bantime. This number is how long, in seconds, an IP address stays blocked by the server. The default is 600 seconds, and you can increase or decrease this number according to your needs.
maxretry is the number of unsuccessful login attempts allowed before fail2ban bans the IP address.
findtime is the time frame in which those unsuccessful attempts are counted. This means that if a host fails to log into one of your services maxretry times within the specified time, it will be banned. The default findtime is 600 seconds.
This file also contains default sections with general rules about some of the services that can be controlled.
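To show how ignoreip, maxretry, findtime and bantime interact, here is an added example (not part of the original article and not fail2ban's own code) that replays the same decision logic over constructed log lines. The epoch-timestamp log format, the sample addresses and the simplified regex are assumptions, and ignoreip here handles IP addresses and CIDR ranges only, not DNS hosts.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Named after the jail.conf options discussed above; values are illustrative.
IGNOREIP = ["127.0.0.1", "192.0.2.0/24"]
MAXRETRY, FINDTIME, BANTIME = 3, 600, 600

# Simplified sshd failure pattern (assumption; real fail2ban filters are richer).
FAILED = re.compile(r"^(\d+) sshd\[\d+\]: Failed password for .* from (\S+) port")

# Constructed sample log: "<epoch seconds> <sshd message>".
SAMPLE_LOG = [
    "1000 sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2",
    "1010 sshd[812]: Failed password for root from 203.0.113.7 port 4023 ssh2",
    "1020 sshd[813]: Failed password for invalid user a from 203.0.113.7 port 4024 ssh2",
    "1030 sshd[814]: Failed password for root from 192.0.2.15 port 5000 ssh2",
    "1040 sshd[815]: Failed password for root from 192.0.2.15 port 5001 ssh2",
    "1050 sshd[816]: Failed password for root from 192.0.2.15 port 5002 ssh2",
    "1100 sshd[817]: Failed password for root from 198.51.100.9 port 6000 ssh2",
    "1400 sshd[818]: Failed password for root from 198.51.100.9 port 6001 ssh2",
    "1750 sshd[819]: Failed password for root from 198.51.100.9 port 6002 ssh2",
]

def is_ignored(ip, ignore=IGNOREIP):
    """True if ip matches an address or CIDR range listed in ignoreip."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in ignore)

def simulate(lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Return (ip, ban_start, ban_end) for every ban the settings would trigger."""
    failures, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = int(m.group(1)), m.group(2)
        # Trusted hosts are never counted; already-banned hosts are skipped.
        if is_ignored(ip) or banned_until.get(ip, 0) > ts:
            continue
        window = failures[ip]
        window.append(ts)
        # Forget failures that fall outside the findtime window.
        while window[0] <= ts - findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()
    return bans
```

With the values above only 203.0.113.7 is banned: 192.0.2.15 is covered by ignoreip, and the three failures from 198.51.100.9 are spread over more than findtime seconds.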
After you have made the necessary changes in the jail.conf file, you need to restart fail2ban:
service fail2ban restart
You can check the iptables rules added by fail2ban by running: