Recommended VPS Complete list of best VPS hosting providers.

How to Install Fail2Ban on CentOS

This guide explains how to install Fail2ban software, an intrusion prevention framework on your CentOS 7 (and 6) vps easily so you can protect your server from brute-force attacks. I previously posted some basic configs for a new CentOS server including to change default SSH port and to disable root login directly. But however sometimes that would be not enough. Brute-force attack may occur continuously, hence you need to ban the source IP of that attack so it will not happen continuously or at least the attacker will need many IPs. Meed Fail2Ban that exists originally for that purpose, to protect your server from SSH brute-force attack.

Fail2ban works by scanning and monitoring log files for selected entries then bans IPs that show the malicious signs like too many password failures, seeking for exploits, etc.

Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).

How to Install

Step 1 – Login to your server as user with root privilege.

fail2ban-centos

Step 2 –  For your information, Fail2ban is not available by default in CentOS so you can’t install it directly via yum. Hence, you have to firstly add EPEL repo:

CentOS 6:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

CentOS 7:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-1.noarch.rpm

pic, screenshot on CentOS 7:

fail2ban-centos-add-repo

In case if those repo URLs are not working, you can fine the latest one here.

Step 3 – Now install it using yum:

yum install fail2ban -y

fail2ban-centos-install

and once done you’ll see something like this:

fail2ban-centos-installed

How to Configure Fail2Ban

Step 4 – So now fail2ban is installed on your VPS, what next to do is setting up some basic Fail2ban configuration. Here I’ll show you a very basic setup. Now firstly copy default configuration file:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

This task is necessary so you can edit configuration locally (your own setting) without messing up with default one. There are lot of possible services that may need protection are in the jail.local file already.

fail2ban-centos-copy-config

Step 5 – Now edit jail.local file you copied. Use your favorite text editor like Nano or vi.

nano /etc/fail2ban/jail.local

You’ll then firstly see something  like this:

fail2ban-centos-default-config

Step 6 – Scroll down the page for all available configuration. There are few lines act as basic setup you can edit as necessary to suit your need including: ignoreip, bantime, findtime, and maxretry. You can read what each line means in the explanation available there.

fail2ban-centos-jail

In the “ignoreip” line you can define several IPs to whitelist so fail2ban won’t lock out that IP. Here you can add your personal / home IP address in case if your forgot your own password to login to your server. You can separate each address with a space.

Step 7 – Now restart Fail2ban so the new configuration can take effect.

CentOS 7:

systemctl restart fail2ban.service

CentOS 6:

service fail2ban restart

fail2ban-centos-restart

That’s it. Enjoy..

19 Comments

Add a Comment

Your email address will not be published. Required fields are marked *

Get more stuff like this
in your inbox

Subscribe and get interesting stuff plus faster updates to your email.