In this article, we will have explained the necessary steps to install Fail2Ban on CentOS 8. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.
Fail2ban is a free, open-source and widely used intrusion prevention tool that scans log files for IP addresses that show malicious signs such as too many password failures, and much more, and it bans them (updates firewall rules to reject the IP addresses). Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.
Install Fail2Ban on CentOS 8
Step 1. The first command will update the package lists to ensure you get the latest version and dependencies.
Step 2. Install Fail2Ban.
Since Fail2ban isn’t available in the default CentOS repositories, you are going to need to install the EPEL package by executing the command below:
Next, we will run the standard dnf install command along with the fail2ban package name:
Step 3. Configure Fail2ban.
Fail2Ban collects all of its configuration in
/etc/fail2ban/jail.conf file, though, no changes need to be made to this particular file. Certain system updates or patches could overwrite it as well, so simply make an additional local configuration file using the command below:
Next we will open the configuration file using our favorite text editor, we will be using Nano text editor:
Once the file is open, copy and paste the following configuration in it. The [DEFAULT] the section contains global options and [sshd] contains parameters for the sshd jail:
# WARNING: heavily refactored in 0.9.0 release. Please review and
# customize settings for your setup.
# Changes: in most of the cases you should not modify this
# file, but provide customizations in jail.local file,
# or separate .conf files under jail.d/ directory, e.g.:
# HOW TO ACTIVATE JAILS:
# YOU SHOULD NOT MODIFY THIS FILE.
# It will probably be overwritten or improved in a distribution update.
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
# bantime = 3600
# enabled = true
# See jail.conf(5) man page for more information
# Comments: use '#' for comment lines and ';' (following a space) for inline comments
It’s recommended to change those settings:
- ignoreip – Specify your own ISP IP in this line, in such way you will avoid any blocks on your own IP address.
- bantime – This value sets a number of seconds that a client is going to be blocked from the server in case he violates any of the rules. The default is 10 minutes, you can change it to higher if you’d like.
- maxretry – This is the number of times a host can fail to login before getting banned.
- findtime – Amount of time that a client has to log in. The default is set to 10 minutes.
After making all the changes save your file and restart Fail2ban service using the following command:
Congratulation, you have learned how to install Fail2Ban on CentOS 8. If you have any question, please leave a comment below.