How to install and setup Fail2Ban in Centos Server

About Fail2Ban

Fail2Ban is a widely used tool for protecting the bruteforce attack analyzing the server log files. This will help us to automatically protect the server from malicious login attempts.

Installing fail2ban

Usually the default Centos Yum repository is not included with fail2ban package. We can enable EPEL repository to have this package.

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

After completing this, we can install fail2ban.

yum install fail2ban

Configuring Fail2Ban

The default fail2ban configuration file is /etc/fail2ban/jail.conf. The configuration work should not be done in that file, however, and we should instead make a local copy of it.

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

After the file is copied, you can make all of your new configuration changes within the new jail.local file. There are lot of services that may need protection are included in the file by default. Each is located in its own section, configured and turned off.

 Restart Fail2Ban

 

After making any changes to the fail2ban config, always be sure to restart Fail2Ban:

 

service fail2ban restart

 

You can see the rules that fail2ban puts in effect within the IP table:

 

iptables -L

  • 150 Users Found This Useful
Was this answer helpful?

Related Articles

How To Install and Use Docker on Ubuntu 16.04

Introduction Docker is an application that makes it simple and easy to run application processes...

Backup and Restore cPanel Accounts via SSH

a. How to create a backup of a cPanel Account via SSH?   1. Log-in to the SSH as the Root...

Change Main IP of the server :: Vesta Panel

If we are changing the main IP of a server installed with Vesta panel, we can use the following...

Change permissions using find command

On a Linux server, if you are in need of changing the permissions of a bulk amount of files or...

Change the time of your vps/dedi

It's very easy, you first need to remove the current time file rm /etc/localtime and replace it...