How to Install Fail2ban on Rocky Linux 8

Install Fail2ban on Rocky Linux 8

In this article, we will have explained the necessary steps to install Fail2ban on Rocky Linux 8. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

Fail2ban is a free and open-source Intrusion Prevention System (IPS) that protects the server against brute-force attacks. Fail2ban is actually responsible for monitoring the log files for the selected content and executing a script based on the selected content.

Install Fail2ban on Rocky Linux 8

Step 1. First, before you start installing any package on your Rocky Linux server, we always recommend making sure that all system packages are updated.

sudo dnf update
sudo dnf upgrade
sudo dnf install epel-release

Step 2. Check Firewalld Installation.

By default, Rocky Linux 8 comes with Firewalld running. However, if this is not the case on your system, start Firewalld by executing commands:

sudo dnf info firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld

Step 3. Install Fail2ban on Rocky Linux.

Installing Fail2ban on your Rocky Linux system is straightforward, Now install the Fail2ban packages using the following command:

sudo dnf install fail2ban fail2ban-firewalld

Once done, set fail2ban to start on boot automatically:

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

Step 4. Configure Fail2ban.

We need to create a copy of the default configuration file with the command:

nano /etc/fail2ban/jail.local

Add the following configuration:

[DEFAULT]
# Ban hosts for one hour:
bantime = 3600

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true

Save and close the file, then restart the Fail2Ban service to load new settings:

sudo systemctl restart fail2ban

Step 5. Securing SSH Service with Fail2ban.

Now create a jail configuration for the SSH server that will ban IP addresses for 1 day after 3 failed attempts at logging in:

sudo nano /etc/fail2ban/jail.d/sshd.local

Add the following configuration:

[sshd]
enabled = true

# Override the default global configuration
# for specific jail sshd
bantime = 1d
maxretry = 3

To apply the new configuration, restart the fail2ban service using the following command below:

sudo systemctl restart fail2ban

Then, verify the jail configuration status using the fail2ban-client command-line utility:

sudo fail2ban-client status

That’s all you need to do to install Fail2ban on Rocky Linux 8. I hope you find this quick tip helpful. For further reading on the Fail2ban, please refer to their official knowledge base. If you have questions or suggestions, feel free to leave a comment below.