Install Fail2ban on CentOS

Install Fail2ban on CentOS

In this article we will explain how to install fail2ban on CentOS. Fail2ban is a free and open source framework developed in Python. It is an excellent and very helpful tool for stopping the endless brute force attacks on your services and preventing intrusions into your system. Fail2ban scans the log files on your server for repeated password failures and bans the offending IP addresses. Installing Fail2Ban on CentOs is an easy task if you carefully follow the steps bellow.

Fail2ban is not available by default under CentOS, so first we need to enable the third party EPEL repository.

CentOS 6 32 bit:

# rpm -Uvh http://mirror.pnl.gov/epel//6/i386/epel-release-6-8.noarch.rpm

CentOS 6 64 bit:

# rpm -Uvh http://mirror.us.leaseweb.net/epel/6/x86_64/epel-release-6-8.noarch.rpm

You can verify that the EPEL repository is enabled by executing:

# yum repolist
Repository base is listed more than once in the configuration
repo id                                   repo name                                                              status
base                                      CentOS 6 - i686 - Base                                                 4,787+15
epel                                      Extra Packages for Enterprise Linux 6 - i386                              7,959
extras                                    CentOS-6 - Extras                                                            12
updates                                   CentOS-6 - Updates                                                       844+50
updates-released                          CentOS 6 - i686 - Released Updates                                       844+50
repolist: 14,446

Install fail2ban using the standard way for installing rpm packages:

# yum install fail2ban

Set fail2ban to start automatically on boot:

# chkconfig --add fail2ban
# chkconfig fail2ban on

With this, the installation is done. Now you need to tweak fail2ban’s settings according to your needs by editing the default configuration file ‘jail.conf’ located in the ‘/etc/fail2ban’ directory on your server. In this file you can set which services you want to be monitored, the number of failed login attempts before the IP address is banned, the ban time of the IP address, etc…

Open the /etc/fail2ban/jail.conf file and add your own IP address and all your trusted IP addresses into the ignoreip line. Each IP address/network can be separated with a space. For example:

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1 1.2.3.4 123.123.123.0/24

The next thing you will notice is bantime. This number shows how long the IP address will be blocked for by the server in seconds. The default number is 600 seconds and you can decrease or increase this number according to your needs.

maxretry is the number of failed login attempts before fail2ban bans an IP address.

findtime is a time frame in which a host has to log in. This means that if a host fails to log in to some of your services in this time frame it will be banned. The default findtime is 600 seconds.

This file also contains default sections with basic rules about a few services that can be monitored.

Once you have made the desired changes in the default jail.conf file you need to restart fail2ban:

# service fail2ban restart

You can check the iptables rules added by fail2ban by executing:

# iptables -L

Of course, if you are one of our Linux VPS Hosting customers, you don’t have to Install Fail2ban on CentOS, simply ask our admins, sit back and relax. Our admins will install Fail2Ban for you immediately.

PS. If you liked this post, on how to Install Fail2ban on CentOS,  please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks

 

Leave a Comment