How to install Fail2Ban and protect your SSH on CentOS

Cort Ammon

Member
Registered
Joined
Jul 8, 2016
Messages
48
Points
8
Fail2ban is a background application monitoring log file to detect the wrong IP address logged SSH password multiple times. Fail2ban uses iptables firewall rules to block IP addresses immediately with a predetermined time period.

Install fail2ban

We will install fail2ban through Repo EPEL

Code:
yum install EPEL-release
yum install fail2ban

Configuring fail2ban

After installation is complete, you open up fail2ban configuration files will see a number of parameters are as follows:

Code:
nano /etc/fail2ban/jail.conf
[DEFAULT]

#
# MISCELLANEOUS OPTIONS
#

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =

# "bantime" is the number of seconds that a host is banned.
bantime = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host get banned.
Explanation:

ignoreip: do not block these addresses
bantime: interval (seconds) IP block
findtime: interval (seconds) a login to successful IP
maxretry: the maximum number of login false
The default configuration is quite good, we do not need to change more on these configurations


Restart Service Fail2Ban

Code:
chkconfig --level 23 fail2ban on
service fail2ban start
Finally check to see if the rule of iptables fail2ban exists or not

Code:
iptables -L
To view the IP has been banned by fail2ban you use the command:

Code:
fail2ban-client status ssh-iptables
To delete the IP from the list of banned, you use the following command

Code:
fail2ban-client set ssh-iptables unbanip YOUR_IP_ADDRESS
Replace YOUR_IP_ADDRESS to the IP you want to unban.

For more info, you can visit fail2ban here.
 
Recommended Threads
Replies
4
Views
3,156
Replies
11
Views
3,300
fwh
Replies
0
Views
1,287
Replies
5
Views
3,440

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top