
How to install Fail2ban on CentOS Linux

Installation Steps:

Step 1 : Install the EPEL repo :

CentOS 6 (32 bit) :

# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

CentOS 6 (64 bit) :

# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

CentOS 5 (32 bit) :

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

CentOS 5 (64 bit) :

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

Step 2 : Install the package using YUM:

# yum install fail2ban

Basic fail2ban configuration:

The fail2ban configuration is located under /etc. The main configuration file is :-

# /etc/fail2ban/jail.conf 

Basic configurations are listed under the [DEFAULT] heading in the configuration file for fail2ban :-

Examples:

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

The fail2ban conf file also contains many other security rules (jails), such as ssh-iptables, proftpd-iptables, sasl-iptables, apache-tcpwrapper etc.

How to protect SSH/SFTP using fail2ban?

After the basic settings in the conf file, you will find the section for SSH, [ssh-iptables]. Update the section as shown below and restart the fail2ban service.

Example:

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
logpath  = /var/log/secure
maxretry = 5

# service fail2ban restart
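
To see how findtime, bantime and maxretry interact for the [ssh-iptables] jail above, the following added example (not from the original page and not fail2ban's own code) replays constructed /var/log/secure lines through a simplified model of the ban decision. The regex, the function names and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the page: [DEFAULT] findtime/bantime/ignoreip, [ssh-iptables] maxretry.
FINDTIME = timedelta(seconds=600)
BANTIME = timedelta(seconds=600)
MAXRETRY = 5
IGNOREIP = {"127.0.0.1"}

# Simplified stand-in for the sshd filter (an assumption, not fail2ban's own regex).
FAILURE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")
STAMP = "%b %d %H:%M:%S"

def simulate(lines, year=2024):
    """Return [(ip, banned_at, unbanned_at)] for log lines given in time order."""
    recent = defaultdict(deque)      # ip -> times of failures inside findtime
    banned_until = {}                # ip -> time the ban expires
    bans = []
    for line in lines:
        m = FAILURE.match(line)
        if not m or m.group(2) in IGNOREIP:
            continue                 # not a failure, or a whitelisted address
        ip = m.group(2)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y " + STAMP)
        if banned_until.get(ip, datetime.min) > ts:
            continue                 # already banned: the firewall drops these
        window = recent[ip]
        window.append(ts)
        while ts - window[0] >= FINDTIME:   # forget failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts.strftime(STAMP), (ts + BANTIME).strftime(STAMP)))
            window.clear()
    return bans

def sample_log():
    """Constructed sample lines in the /var/log/secure format."""
    fmt = ("Jan 15 10:{:02d}:{:02d} host sshd[1001]: "
           "Failed password for root from {} port 40022 ssh2")
    fast = [fmt.format(0, s, "203.0.113.7") for s in (5, 15, 25, 35, 45)]
    slow = [fmt.format(m, 0, "198.51.100.9") for m in (1, 4, 7, 10, 13)]
    local = [fmt.format(20, s, "127.0.0.1") for s in range(6)]
    return sorted(fast + slow + local)

if __name__ == "__main__":
    for ban in simulate(sample_log()):
        print(ban)
```

Only the address with five failures inside 600 seconds is banned. The address that spreads five attempts over twelve minutes never has five failures inside one findtime window, and 127.0.0.1 is skipped because of ignoreip.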

Protect your FTP server by using fail2ban:

Example:

[proftpd-iptables]

enabled  = true
filter   = proftpd
action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=ProFTPD, dest=you@example.com]
logpath  = /var/log/proftpd/proftpd.log
maxretry = 6

# service fail2ban restart

That's all, now your SSH and FTP have been secured.
