In this article, we explain the steps needed to install Fail2ban on Rocky Linux 8. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.
Fail2ban is a free and open-source Intrusion Prevention System (IPS) that protects the server against brute-force attacks. It monitors log files for selected patterns and runs an action script when those patterns match.
Prerequisites:
- Operating system: Rocky Linux 8
- Server IPv4 Address with Superuser Privileges (Root Access)
- GNOME Terminal for Linux Desktop
- PuTTY SSH client for Windows or macOS
- PowerShell for Windows 10/11
- Familiarity with DNF commands
Install Fail2ban on Rocky Linux 8
Step 1. First, before you start installing any package on your Rocky Linux server, we always recommend making sure that all system packages are updated.
sudo dnf update
sudo dnf upgrade
sudo dnf install epel-release
Step 2. Check Firewalld Installation.
By default, Rocky Linux 8 comes with Firewalld running. If this is not the case on your system, check that it is installed, then start and enable it with the following commands:
sudo dnf info firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
Step 3. Install Fail2ban on Rocky Linux.
Installing Fail2ban on your Rocky Linux system is straightforward. Install the Fail2ban packages using the following command:
sudo dnf install fail2ban fail2ban-firewalld
Once done, set fail2ban to start on boot automatically:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
Step 4. Configure Fail2ban.
Create a local configuration file, jail.local, to hold your settings instead of editing the default configuration file:
sudo nano /etc/fail2ban/jail.local
Add the following configuration:
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true
Save and close the file, then restart the Fail2Ban service to load new settings:
sudo systemctl restart fail2ban
Step 5. Securing SSH Service with Fail2ban.
Now create a jail configuration for the SSH server that will ban IP addresses for 1 day after 3 failed attempts at logging in:
sudo nano /etc/fail2ban/jail.d/sshd.local
Add the following configuration:
[sshd]
enabled = true
# Override the default global configuration
# for specific jail sshd
bantime = 1d
maxretry = 3
To apply the new configuration, restart the fail2ban service:
sudo systemctl restart fail2ban
Then, verify the jail configuration status using the fail2ban-client command-line utility:
sudo fail2ban-client status
That’s all you need to do to install Fail2ban on Rocky Linux 8. I hope you find this quick tip helpful. For further reading on Fail2ban, please refer to their official knowledge base. If you have questions or suggestions, feel free to leave a comment below.