About Fail2Ban
Fail2Ban is a widely used tool for protecting the bruteforce attack analyzing the server log files. This will help us to automatically protect the server from malicious login attempts.
Installing fail2ban
Usually the default Centos Yum repository is not included with fail2ban package. We can enable EPEL repository to have this package.
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
After completing this, we can install fail2ban.
yum install fail2ban
Configuring Fail2Ban
The default fail2ban configuration file is /etc/fail2ban/jail.conf. The configuration work should not be done in that file, however, and we should instead make a local copy of it.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
After the file is copied, you can make all of your new configuration changes within the new jail.local file. There are lot of services that may need protection are included in the file by default. Each is located in its own section, configured and turned off.
Restart Fail2Ban
After making any changes to the fail2ban config, always be sure to restart Fail2Ban:
service fail2ban restart
You can see the rules that fail2ban puts in effect within the IP table:
iptables -L