How to Install and Configure Fail2Ban on CentOS/RHEL/Ubuntu
Fail2ban is a useful tool for the system administrator and makes a server noticeably harder to brute-force. It scans log files and, using the rules in its filters, identifies source IP addresses that are misbehaving. When a host exceeds the configured number of failures, Fail2ban adds a firewall rule (an iptables rule by default) that blocks that address for a set period of time, or permanently.
Fail2Ban is most often used to protect SSH from brute-force attacks, but it ships filters for many other services as well. This article covers installing it on CentOS/RHEL 6 and 7 and on Ubuntu.
Step 1: Install EPEL RPM Repository
Fail2Ban is not in the base CentOS/RHEL repositories, so first add the EPEL repository (on CentOS the epel-release package comes from the extras repository; on RHEL use the direct-URL form). Prefer the yum install form where it works: the localinstall alternative fetches the package over plain HTTP and --nogpgcheck turns off GPG signature verification for that install, so you get no assurance that the repository definition you are installing is genuine.
For CentOS/RHEL 7:
# yum install epel-release
OR
# yum localinstall --nogpgcheck http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
For CentOS/RHEL 6:
# yum install epel-release
OR
# yum localinstall --nogpgcheck http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Step 2: Install Fail2ban Package
With the repository in place, install the package with yum. On Ubuntu the package is in the standard repositories, so no extra repository is needed.
For CentOS/RHEL
# yum install fail2ban
For Ubuntu
# apt-get install fail2ban
Step 3: Setup Fail2ban Default Configuration
Fail2Ban keeps its own daemon settings (logging, socket, PID file, database) in fail2ban.conf and the jail definitions in jail.conf. Both files are replaced on package upgrades, so make your changes in the matching .local file, which Fail2ban reads after the .conf and which overrides it. A .local file only needs to contain the settings you change; copying the whole file, as below, works but means any new defaults a later upgrade adds to the .conf are shadowed by your copy.
# cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
jail.conf defines the available jails (including sshd) and their default settings, but on CentOS/RHEL it does not enable any of them. Copy it to jail.local before changing anything:
# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Step 4: Some Basic Configuration
Configure fail2ban.local Settings
With the local file in place, adjust the daemon settings you need; the defaults below are sensible for most servers.
# vim /etc/fail2ban/fail2ban.local
# Option: loglevel
# Notes.: Set the log level output.
loglevel = INFO
# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
logtarget = /var/log/fail2ban.log
# Option: syslogsocket
# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
syslogsocket = auto
# Option: socket
# Notes.: Set the socket file. This is used by fail2ban-client to communicate with the server.
socket = /var/run/fail2ban/fail2ban.sock
# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the fail2ban server.
pidfile = /var/run/fail2ban/fail2ban.pid
# Option: dbpurgeage
# Notes.: Sets the age (in seconds) at which bans are purged from the database; 86400 = 1 day.
dbpurgeage = 86400
logtarget accepts four kinds of value:
STDOUT: write log output to standard output
STDERR: write log output to standard error
SYSLOG: message-based logging through the syslog socket (see syslogsocket above)
FILE: write log output to the file given as the path, as in the example above
Configure jail.local Settings
The settings below go in the [DEFAULT] section of jail.local and apply to every jail unless a jail overrides them.
# vim /etc/fail2ban/jail.local
# "ignoreip" is a space-separated list of IP addresses, CIDR ranges or DNS hostnames that Fail2ban
# will never ban. Add the addresses you administer from so a typo in your own password cannot
# lock you out, and keep the list short: anything here is exempt from every jail.
# (192.168.10.0/24 is an example LAN range; replace it with your own.)
ignoreip = 127.0.0.1/8 192.168.10.0/24
# "bantime" is the number of seconds a host stays banned (600 sec = 10 minutes). A negative value bans permanently.
bantime = 600
# A host is banned once it has generated "maxretry" failures within the last "findtime" seconds;
# with the settings below, 3 failures within 10 minutes.
findtime = 600
# "maxretry" is the number of failures before a host gets banned.
maxretry = 3
On CentOS/RHEL no jail is enabled by default (Ubuntu's package enables the sshd jail through /etc/fail2ban/jail.d/defaults-debian.conf). To enable the SSH daemon jail, add the following to jail.local; if your jail.conf predates fail2ban 0.9 the SSH section carries a different name, so use the one it shows:
[sshd]
enabled = true
Step 5: Email Configuration
To receive an email when Fail2ban bans a host, set the addresses below in jail.local and choose a jail action that actually sends mail: the default action (action_) only bans, whereas action_mw also mails a whois report on the banned address and action_mwl additionally includes the matching log lines. Fail2ban hands the message to the local MTA named by mta, so sendmail (or an MTA that provides the sendmail command) must be installed and able to deliver mail from this host.
# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = support@techoism.com
#Sender email address used solely for some actions
sender = root@localhost
# E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the
# mailing. Change mta configuration parameter to mail if you want to
# revert to conventional 'mail'.
mta = sendmail
Step 6: Restart Fail2ban Service
After saving the files, restart the Fail2ban service and enable it at boot (Ubuntu 16.04 and later uses the same systemctl commands as CentOS/RHEL 7). Then confirm the jail is loaded with fail2ban-client status sshd, which reports the filter's failure counts and the currently banned addresses; if the jail is missing, check /var/log/fail2ban.log for the configuration error.
For CentOS/RHEL 6
# service fail2ban restart
# chkconfig fail2ban on
For CentOS/RHEL 7
# systemctl restart fail2ban
# systemctl enable fail2ban
Reference: https://www.fail2ban.org/wiki/index.php/Main_Page
Enjoy it!