HOW TO INSTALL AND SET UP FAIL2BAN ON CENTOS SERVER

Fail2ban software is an intrusion prevention framework on your CentOS 7 (and 6) vps that scans log files and bans IPs that show the malicious signs so you can protect your server from brute-force attacks. Some previously posted some including to change default SSH port and to disable root login directly, will help you to secure your server, and Fail2ban is one more step in that direction. Brute-force attack may occur continuously, Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time. Fail2Ban is able to reduce the rate of incorrect authentications attempts because Fail2Ban comes with filters for various services (apache, courier, ssh, etc)..

Here is a video for you to follow, or go to the steps down below.

Table of Contents

HOW TO INSTALL

Step 1 – Now install it using yum:

yum install fail2ban -y

HOW TO CONFIGURE FAIL2BAN

Step 2 – So now fail2ban is installed on your VPS, what next to do is setting up some basic Fail2ban configuration. Here I’ll show you a very basic setup. Now firstly copy default configuration file:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

This task is necessary so you can edit configuration locally (your own setting) without messing up with default one. There are lot of possible services that may need protection are in the jail.local file already.

Step 3 – Now edit jail.local file you copied. Use your favorite text editor like Nano or vi.

nano /etc/fail2ban/jail.local

Step 4 – Scroll down the page for all available configuration. There are few lines act as basic setup you can edit as necessary to suit your need including: ignoreip, bantime, findtime, and maxretry. You can read what each line means in the explanation available there.

In the “ignoreip” line you can define several IPs to whitelist so fail2ban won’t lock out that IP. Here you can add your personal / home IP address in case if your forgot your own password to login to your server.