Protect SSH From Brute-Force Attacks With Fail2Ban on CentOS / RHEL
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. In this tutorial, we are going to set up Fail2Ban on a CentOS 7 server. Let’s follow the steps:
Table of Contents
- Install Fail2ban
- Enable & Run Fail2ban
- Configure Settings
- Add a Jail to Protect SSH
- Restart and Monitor Fail2ban
- Manually Ban & Unban IP
Step 1 : Install Fail2ban
The Fail2ban package isn’t available in the official CentOS repository. It is provided by the EPEL project, so we have to install the EPEL repository first.
Install EPEL repository:
sudo yum install epel-release
Now we are able to install the Fail2ban package. Let’s install it with this command:
sudo yum install fail2ban
Step 2 : Enable & Run Fail2ban
We have to enable the Fail2ban service using this:
sudo systemctl enable fail2ban
Now start the Fail2ban service:
sudo systemctl start fail2ban
Step 3 : Configure Settings
The default configuration file path is:
/etc/fail2ban/jail.conf
The other files can be located at:
/etc/fail2ban/jail.local
/etc/fail2ban/jail.d/*.conf
/etc/fail2ban/jail.d/*.local
It’s not a good idea to change settings in the main jail.conf, because this file can be overwritten on package upgrades. Let’s make a copy of the conf file and put our settings in that copy:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Open the jail.local using your favorite editor. I’m opening with nano.
sudo nano /etc/fail2ban/jail.local
You’ll find many settings. The [DEFAULT] section’s settings will be applied first. Let’s set the default ban time to 1 hour.
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600

[sshd]
# we will add a separate config for sshd
enabled = false
Step 4 : Add a Jail to Protect SSH
We can set this configuration in the global config file, but it’s better to keep it separate. You can set this config in the jail.local file too.
Let’s create a jail file called sshd.local in /etc/fail2ban/jail.d/:
sudo nano /etc/fail2ban/jail.d/sshd.local
Now paste this configuration:
[sshd]
enabled = true
port = ssh
action = iptables-multiport
logpath = /var/log/secure
maxretry = 3
bantime = 3600
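To see what this jail would act on before enabling it, the following added example (not part of the original tutorial) counts failed SSH password attempts per source IP and lists the addresses that reach maxretry. The function names offenders and sample_log and the sample log lines are constructed for illustration; the script matches only "Failed password" lines and ignores the time window, so it is an approximation of Fail2ban's own sshd filter.

```sh
#!/bin/sh
# Added example: approximate which source IPs the [sshd] jail would ban.
# Assumptions: only "Failed password" lines are counted and no time window
# is applied; Fail2ban's real sshd filter matches more message types.

MAXRETRY=3   # same value as maxretry in sshd.local

# offenders LIMIT [FILE...]
# Prints "IP COUNT" for every source IP with at least LIMIT failures.
# Reads standard input when no FILE is given.
offenders() {
    limit=$1
    shift
    awk -v limit="$limit" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The address follows the last "from" on the line.
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END {
            for (ip in count)
                if (count[ip] >= limit) print ip, count[ip]
        }
    ' "$@" | sort
}

# Constructed sample in /var/log/secure format (documentation-range IPs).
sample_log() {
    cat <<'EOF'
Mar  3 10:01:02 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:05 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:01:09 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 51141 ssh2
Mar  3 10:02:11 web1 sshd[2110]: Failed password for alice from 198.51.100.20 port 40211 ssh2
Mar  3 10:02:30 web1 sshd[2112]: Accepted password for alice from 198.51.100.20 port 40215 ssh2
EOF
}

# Demo on the constructed sample; prints: 203.0.113.7 3
sample_log | offenders "$MAXRETRY"
```

On a real host, run it against the jail's logpath instead, for example with offenders 3 /var/log/secure as root.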
Step 5 : Restart and Monitor Fail2ban
Type this command to restart Fail2ban service:
sudo systemctl restart fail2ban
* Note: We need to restart the Fail2ban service after changing any settings.
Let’s check the status:
sudo fail2ban-client status
You’ll see output like:
Status
|- Number of jail: 1
`- Jail list: sshd
To see the status of a single jail, run a command like this:
sudo fail2ban-client status jail_name
To get more details of the status of the sshd jail, we have to run this command:
sudo fail2ban-client status sshd
And check Fail2ban’s log using this:
sudo tail -F /var/log/fail2ban.log
Step 6 : Manually Ban & Unban IP
We can also ban and unban manually. To ban, we have to run a command like:
sudo fail2ban-client set JAIL banip IPADDRESS
To unban, we need to run a command like:
sudo fail2ban-client set JAIL unbanip IPADDRESS
That’s all. Thanks for reading.