How to Install Fail2Ban on CentOS 7

r00t November 30, 2017

In this tutorial we’ll learn how to install Fail2Ban on CentOS 7. We will also install and configure its prerequisites. Fail2Ban is a free and open source intrusion prevention tool written in the Python programming language which can be used to protect servers from various kinds of attacks. Fail2Ban works by continuously monitoring various log files (Apache, SSH) and running scripts in response to what it finds there. It is mostly used to block IP addresses that are trying to breach the system’s security, for example an address that makes many illegitimate login attempts. Fail2Ban bans a malicious IP address for a period defined by the administrator, and it can be configured to send email notifications when someone is attacking your server. Its main purpose is to scan the log files of services such as SSH, FTP, SMTP and Apache and block any IP address that produces too many password failures.

I recommend using a minimal CentOS server setup as the basis for this tutorial. That can be a virtual or root server image with a CentOS 7 minimal install from a web hosting company, or you can use our minimal server tutorial to install a server from scratch.

Install Fail2Ban on CentOS 7

Step 1. First, ensure your system is fully up-to-date and enable the EPEL repository, which provides the Fail2Ban package, by running the following:

yum -y update
yum -y install epel-release

Step 2. Installing Fail2ban.

Now install Fail2Ban using the following command:

yum install fail2ban

Step 3. Configure Fail2Ban.

Once installed, copy the default jail.conf file to make a local configuration with this command:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

You can change the settings by adding the appropriate lines to /etc/fail2ban/jail.local:

nano /etc/fail2ban/jail.local

Add the following lines:

## ignoreip lists addresses that are never banned; replace 192.168.15.189 with your own trusted host.
## The log paths below are the CentOS 7 locations (/var/log/httpd for Apache, /var/log/secure for SSH).

##To block failed login attempts, use the below jail.
[apache]
enabled = true
port = http,https
filter = apache-auth
logpath = /var/log/httpd/*error_log
maxretry = 3
bantime = 600
ignoreip = 192.168.15.189

##To block remote hosts that request suspicious URLs, use the below jail.
[apache-overflows]
enabled = true
port = http,https
filter = apache-overflows
logpath = /var/log/httpd/*error_log
maxretry = 3
bantime = 600
ignoreip = 192.168.15.189

##To block remote hosts that search the website for scripts to execute, use the below jail.
[apache-noscript]
enabled = true
port = http,https
filter = apache-noscript
logpath = /var/log/httpd/*error_log
maxretry = 3
bantime = 600
ignoreip = 192.168.15.189

##To block remote hosts identified as malicious bots, use the below jail.
##The apache-badbots filter matches user agents, which are recorded in the access log.
[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
logpath = /var/log/httpd/*access_log
maxretry = 3
bantime = 600
ignoreip = 192.168.15.189

##To stop a DoS attack from a remote host.
##The http-get-dos filter is not shipped with Fail2Ban; this jail needs a matching
##/etc/fail2ban/filter.d/http-get-dos.conf to exist.
[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/httpd/*access_log
maxretry = 400
findtime = 400
bantime = 200
ignoreip = 192.168.15.189
action = iptables[name=HTTP, port=http, protocol=tcp]

##To block failed login attempts on the SSH server, use the below jail.
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/secure
maxretry = 3
bantime = 600
ignoreip = 192.168.15.189

Save the file and restart the fail2ban service:

systemctl restart fail2ban

You can check the status of Fail2Ban using the following command:

fail2ban-client status
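
Before restarting, it helps to confirm that every logpath in jail.local matches a real file, because Fail2Ban reports a jail whose log file cannot be found as a configuration error. The script below is an added example, not part of the original tutorial; the function name check_jail_logpaths is hypothetical, and it assumes literal single-line logpath values (entries using %(name)s interpolation are skipped).

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Lists every jail in a Fail2Ban jail file whose "logpath" glob matches no
# existing file. Assumption: logpath values are literal single-line globs;
# values using %(name)s interpolation are skipped rather than resolved.

check_jail_logpaths() {
    jail_file=$1
    if [ ! -r "$jail_file" ]; then
        echo "cannot read $jail_file" >&2
        return 2
    fi
    report=$(
        awk '
            /^[ \t]*[#;]/ { next }                      # comment line
            /^[ \t]*\[/   {                             # [jail] header
                sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); jail = $0; next
            }
            /^[ \t]*logpath[ \t]*=/ {                   # logpath = <glob>
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
                if ($0 !~ /%\(/) print jail "|" $0
            }
        ' "$jail_file" |
        while IFS='|' read -r jail pattern; do
            found=0
            # $pattern is left unquoted on purpose so the shell expands the glob.
            for candidate in $pattern; do
                if [ -e "$candidate" ]; then found=1; break; fi
            done
            [ "$found" -eq 1 ] || echo "MISSING [$jail] $pattern"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: sh check_logpaths.sh /etc/fail2ban/jail.local
if [ "$#" -gt 0 ]; then
    check_jail_logpaths "$1"
fi
```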

Congratulations! You have successfully installed and configured Fail2Ban on your CentOS 7 server. Thanks for using this tutorial for installing Fail2Ban on a CentOS 7 system.
