Installing and configuring fail2ban on CentOs 7

Fail2Ban is an intrusion prevention software framework that can protect your VPS by banning IPs that show malicious signs such as too many login failures.

To install Fail2Ban first install epel-release

Now install Fail2Ban

Enable

The default fail2ban configuration file is /etc/fail2ban/jail.conf.
It is not recommended to modify the original /etc/fail2ban/jail.conf directly.
Instead, we should configure the local copy called jail.local which will override the jail.conf file.

Now open jail.local file in vi or any other editor

This is what the default fail2ban files looks like
fail2ban centos

I changed the default ban time to 36000 which is equal to 10 hours.
Monitoring ssh (sshd) logins has also been enabled.

fail2ban setup

bantime = 36000 = 10 hours
maxretry changed to 4 which is the number of failed attempts before a host is banned
findtime = 600 = 10 minutes : 4 unsuccessful login attempts within 10 minute window would lead to ban.

fail2ban failed login configure

destmail = email where you want to receive ban messages and notifications.

fail2ban email setting

Change (action_)s to (action_mwl)s if you want to receive email alerts and logs. If you want only email alerts and no logs then (action_mw)s

fail2ban email alerts

After you are done save and quit the file and then restart Fail2ban

Or
Previous Post
Installing and configuring iptables firewall on CentOs 7
Next Post
How to disable root login on CentOs VPS

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Menu