How to Install and Configuration Fail2Ban on CentOS/RHEL/Ubuntu

Fail2ban is a very useful application for the system administrator. It is very helpful to make your server more secure. Fail2Ban scan logs file and has the ability to ban IP’s which is malicious based on the configuration rules. Fail2ban will add a new rule to IPtables and block the IP address of the attacker for some species of time or permanently.

Install Fail2Ban

Fail2Ban is primarily focused to secure server with SSH attacks, but you can do with other service configuration also. This article will help you install Fail2Ban on CentOS/RHEL on 7/6.

Step 1: Install EPEL RPM Repository

Fail2Ban is not available in the official repository. So first we need to add EPEL repository on a server to install Fail2Ban.

For CentOS/RHEL 7:
# yum install epel-release
OR
# yum localinstall --nogpgcheck http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
For CentOS/RHEL 6:
# yum install epel-release
OR
# yum localinstall --nogpgcheck http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Step 2: Install Fail2ban Package

After installing the required repository use yum command to install the fail2ban package.

For CentOS/RHEL
# yum install fail2ban
For Ubuntu
# apt-get install fail2ban

Step 3: Setup Fail2ban Default Configuration

Fail2Ban provides its own security configuration files fail2ban.conf, but if you want to make any changes it will be best to do in the separate file fail2ban.local.

# cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local

The jail.conf file will enable Fail2ban for SSH by default with some other configuration. But before changes make a separate file fail.local

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Step 4: Some Basic Configuration

Configure fail2ban.local Settings
After making local configuration file you can do some basic configuration as per your requirement.

# vim /etc/fail2ban/fail2ban.local
# Option: loglevel
# Notes.: Set the log level output.
loglevel = INFO

# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
logtarget = /var/log/fail2ban.log

# Option: syslogsocket
# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
syslogsocket = auto

# Option: syslogsocket
# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
socket = /var/run/fail2ban/fail2ban.sock

# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
pidfile = /var/run/fail2ban/fail2ban.pid

# Options: dbpurgeage
# Notes.: Sets age at which bans should be purged from the database
dbpurgeage = 86400

STDOUT: output any data
STDERR: output any errors
SYSLOG: message-based logging
FILE: output to a file

Configure fail.local Settings
After making local configuration file you can do some basic configuration as per your requirement.

# vim /etc/fail2ban/fail.local
#"ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will use as always allowed,
# so add your system ip to protect your ip from banned.
ignoreip = 127.0.0.1/8, 192.168.10/24

#"bantime" is the total number of seconds that a host is banned (3600sec = 1 Hour ).
bantime = 600

# A host is banned if it has generated "maxretry" during the last "findtime" seconds. as per below
# settings, 2 minutes
findtime = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

No Jails are enabled by default to enable the SSH daemon jail do the mention changes in jail.local

[sshd]
enabled = true

Step 5: Email Configuration

To receive an email when fail2ban is triggered, adjust the email settings in fail.local file.

# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = [email protected]

#Sender email address used solely for some actions
sender = [email protected]

# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
# mailing. Change mta configuration parameter to mail if you want to
# revert to conventional 'mail'.
mta = sendmail

Step 6: Restart Fail2ban Service

After making all the changes save your file and restart Fail2ban service.

For CentOS/RHEL 6
# service fail2ban restart
# chkconfig fail2ban on
For CentOS/RHEL 7
# systemctl restart fail2ban
# systemctl enable fail2ban

Reference: https://www.fail2ban.org/wiki/index.php/Main_Page

Enjoy it!

Leave a Reply

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.