In this article we will explain how to install fail2ban on CentOS. Fail2ban is a free and open source framework developed in Python. It is an excellent and very helpful tool for stopping the endless brute force attacks on your services and preventing intrusions into your system. Fail2ban scans the log files on your server for repeated password failures and bans the offending IP addresses. Installing Fail2ban on CentOS is an easy task if you carefully follow the steps below.
Fail2ban is not available by default under CentOS, so first we need to enable the third party EPEL repository.
CentOS 6 32 bit:
# rpm -Uvh http://mirror.pnl.gov/epel//6/i386/epel-release-6-8.noarch.rpm
CentOS 6 64 bit:
# rpm -Uvh http://mirror.us.leaseweb.net/epel/6/x86_64/epel-release-6-8.noarch.rpm
You can verify that the EPEL repository is enabled by executing:
# yum repolist
Repository base is listed more than once in the configuration
repo id            repo name                                      status
base               CentOS 6 - i686 - Base                         4,787+15
epel               Extra Packages for Enterprise Linux 6 - i386   7,959
extras             CentOS-6 - Extras                              12
updates            CentOS-6 - Updates                             844+50
updates-released   CentOS 6 - i686 - Released Updates             844+50
repolist: 14,446
Install fail2ban using the standard way for installing rpm packages:
# yum install fail2ban
Set fail2ban to start automatically on boot:
# chkconfig --add fail2ban
# chkconfig fail2ban on
With this, the installation is done. Now you need to tweak fail2ban’s settings according to your needs by editing the default configuration file ‘jail.conf’ located in the ‘/etc/fail2ban’ directory on your server. In this file you can set which services you want to be monitored, the number of failed login attempts before the IP address is banned, the ban time of the IP address, etc…
Open the /etc/fail2ban/jail.conf file and add your own IP address and all your trusted IP addresses to the ignoreip line. Separate multiple IP addresses or networks with spaces. For example:
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1 184.108.40.206 220.127.116.11/24
The next setting you will notice is bantime. This is the number of seconds an IP address stays banned. The default is 600 seconds, and you can decrease or increase it according to your needs.
maxretry is the number of failed login attempts before fail2ban bans an IP address.
findtime is the time frame, in seconds, in which failed logins are counted. If a host reaches maxretry failed login attempts on one of your services within this time frame, it is banned. The default findtime is 600 seconds.
This file also contains default sections with basic rules about a few services that can be monitored.
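To see how ignoreip, bantime, maxretry and findtime interact, the following added example (not part of the original article and not fail2ban's own code) replays constructed sshd log lines through a simplified model of the ban decision. The function name simulate, the sample events, the host name and the reduced log pattern are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (time, source IP): a fast burst, a slow trickle spread
# over 15 minutes, and a burst from a trusted network.
EVENTS = [
    ("10:00:01", "203.0.113.7"), ("10:00:05", "203.0.113.7"), ("10:00:09", "203.0.113.7"),
    ("10:01:00", "198.51.100.9"), ("10:09:00", "198.51.100.9"), ("10:16:00", "198.51.100.9"),
    ("10:20:00", "192.0.2.10"), ("10:20:02", "192.0.2.10"), ("10:20:04", "192.0.2.10"),
]
SAMPLE_LOG = "\n".join(
    f"Mar 13 {t} web1 sshd[2101]: Failed password for root from {ip} port 40022 ssh2"
    for t, ip in EVENTS)

# Simplified pattern for this example; fail2ban's own sshd filter covers more cases.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\d+\.\d+\.\d+\.\d+) ")

def simulate(log, maxretry=3, findtime=600, bantime=600,
             ignoreip=("127.0.0.1",), year=2014):
    """Return [(ip, ban_start, ban_end)] under a simplified model of the jail settings."""
    trusted = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    recent = defaultdict(deque)        # ip -> times of failures still inside findtime
    banned_until, bans = {}, []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in trusted):
            continue                   # ignoreip: never counted, never banned
        if ip in banned_until and ts < banned_until[ip]:
            continue                   # still banned, nothing new to count
        window = recent[ip]
        window.append(ts)
        while window and window[0] <= ts - timedelta(seconds=findtime):
            window.popleft()           # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG, ignoreip=("127.0.0.1", "192.0.2.0/24")):
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

With these values only the fast burst is banned: the slow trickle never has maxretry failures inside one findtime window, which is the trade-off to weigh when choosing findtime and maxretry.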
Once you have made the desired changes in the default jail.conf file you need to restart fail2ban:
# service fail2ban restart
You can check the iptables rules added by fail2ban by executing:
# iptables -L