Fail2ban is a security application for Unix-based servers. It is commonly used to protect SSH and FTP services from unauthorized connections. Fail2ban is a daemon that uses Python scripts to parse log files for intrusion attempts and adds custom iptables rules, which you define in the configuration file, to ban certain IP addresses.
This guide explains how to install Fail2ban software on RHEL/CentOS 7.
Installing Fail2Ban on RHEL, CentOS 7
To install Fail2Ban on RHEL and CentOS 7, first run the commands below to enable the EPEL 7 repository.
wget dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-1.noarch.rpm
rpm -ivh epel-release-7-1.noarch.rpm
Next, run the command below to install Fail2Ban:
yum install fail2ban -y
Fail2ban is now installed on your CentOS 7 system. The next step is to set up some basic Fail2ban configuration. Here I'll show you a very basic setup. First, copy the default configuration file:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now edit the jail.local file you copied. Use your favorite text editor, such as Nano or vi.
Scroll down the file to see all the available settings. A few lines make up the basic setup, and you can edit them to suit your needs: ignoreip, bantime, findtime, and maxretry. The comments in the file explain what each line means.
Write your personal IP address into the ignoreip line. You can separate multiple addresses with a space. Ignoreip lets you whitelist certain IP addresses so that they are never locked out of your VPS. Including your own address guarantees that you do not accidentally ban yourself from your own virtual private server.
The next step is to decide on a bantime, the number of seconds that a host is blocked from the server if it is found to be in violation of any of the rules. This is especially useful in the case of bots, which, once banned, will simply move on to the next target.
Maxretry is the number of incorrect login attempts that a host may make before it gets banned for the length of the ban time.
Findtime refers to the amount of time that a host has to log in. T
Now restart Fail2ban so the new configuration can take effect.
systemctl restart fail2ban.service
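To see how the ignoreip, bantime, findtime and maxretry settings described above interact, the following added example (a simplified model written for this guide, not Fail2ban's own code) replays constructed sshd-style log lines and reports which hosts would be banned. The log format, the addresses (documentation ranges) and the setting values are assumptions chosen for the illustration.

```python
# Added illustration: a simplified model of how the jail.local settings
# interact. Not fail2ban's own code; the log lines below are constructed.
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = """\
2024-05-01 10:00:00 sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2
2024-05-01 10:00:20 sshd[811]: Failed password for root from 203.0.113.7 port 4023 ssh2
2024-05-01 10:00:30 sshd[812]: Failed password for admin from 198.51.100.9 port 5100 ssh2
2024-05-01 10:00:40 sshd[811]: Failed password for root from 203.0.113.7 port 4024 ssh2
2024-05-01 10:01:00 sshd[813]: Failed password for bob from 192.0.2.10 port 6000 ssh2
2024-05-01 10:01:05 sshd[813]: Failed password for bob from 192.0.2.10 port 6001 ssh2
2024-05-01 10:01:10 sshd[813]: Failed password for bob from 192.0.2.10 port 6002 ssh2
2024-05-01 10:20:00 sshd[812]: Failed password for admin from 198.51.100.9 port 5101 ssh2
2024-05-01 10:40:00 sshd[812]: Failed password for admin from 198.51.100.9 port 5102 ssh2
"""
FAILURE = re.compile(r"^(\S+ \S+) sshd\[\d+\]: Failed password for \S+ from (\S+) ")

def simulate(log, ignoreip, bantime, findtime, maxretry):
    """Return {ip: (ban_start, ban_end)} for hosts that would be banned."""
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip.split()]
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in log.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in ignored):
            continue                # whitelisted: never counted, never banned
        if ip in bans and when < bans[ip][1]:
            continue                # ban still active at this time
        window = failures[ip]
        window.append(when)
        # Forget failures that are older than findtime seconds.
        while when - window[0] > timedelta(seconds=findtime):
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = (when, when + timedelta(seconds=bantime))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE_LOG, "127.0.0.1/8 192.0.2.10", 600, 600, 3).items():
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

With these values only 203.0.113.7 is banned: 192.0.2.10 is whitelisted, and the three failures from 198.51.100.9 are spread too far apart to fall inside one findtime window, which shows how a slow attempt stays under a short findtime.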