How to install Fail2Ban to protect SSH on CentOS 8

Recently, you have reviewed SSH. In this article, you will learn how to install Fail2Ban to protect SSH on CentOS 8. But first, what is Fail2ban? It is a free, open-source and widely used intrusion prevention tool that scans log files for IP addresses that show malicious signs, such as too many password failures, and bans them. By default, it ships with filters for various services, including sshd.

 

 

We recommend reading the initial setup guide for CentOS 8 first, so that it is easier to follow how to install and configure fail2ban to protect SSH and improve SSH server security against brute-force attacks on CentOS 8.

Installing Fail2ban on CentOS 8

After logging into your system, open a command-line interface and enable the EPEL repository, because the fail2ban package is not in the official repositories but is available in the EPEL repository.

dnf install epel-release
OR
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

Next, use the command below to install the Fail2ban package.

dnf install fail2ban 

 


Configuring Fail2ban to protect SSH

The fail2ban configuration files are located in the /etc/fail2ban/ directory, and filters are stored in the /etc/fail2ban/filter.d/ directory.
We do not recommend modifying the global configuration file /etc/fail2ban/jail.conf, as it will probably be overwritten or improved by a future package upgrade.
Instead, create and add your configuration in a jail.local file or in separate .conf files under the /etc/fail2ban/jail.d/ directory.
Note that configuration parameters set in jail.local override whatever is defined in jail.conf.
Create a separate file called jail.local in the /etc/fail2ban/ directory.
vi /etc/fail2ban/jail.local
Paste the following configuration into the file.
Note: The [DEFAULT] section contains global options and [sshd] contains parameters for the sshd jail.
[DEFAULT]
ignoreip = 192.168.56.2/24
bantime  = 21600
findtime  = 300
maxretry = 3
banaction = iptables-multiport
backend = systemd

[sshd]
enabled = true

Configuration
Now, let’s go through the options in the above configuration:

  1. ignoreip: specifies the list of IP addresses or hostnames not to ban.
  2. bantime: specifies the number of seconds that a host is banned for (i.e. the effective ban duration).
  3. maxretry: specifies the number of failures before a host gets banned.
  4. findtime: fail2ban will ban a host if it has generated “maxretry” failures during the last “findtime” seconds.
  5. banaction: the banning action.
  6. backend: specifies the backend used to detect log file modifications.

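So, the above configuration means: if an IP has failed 3 times in the last 5 minutes, ban it for 6 hours, and ignore the IP address 192.168.56.2. Note that the /24 suffix on the ignoreip value makes the exemption cover the whole 192.168.56.0/24 network; write 192.168.56.2 without a suffix to exempt only that host.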
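The following Python sketch is an added example, not part of the original article or of fail2ban's own code: it replays constructed sshd failure lines against the ignoreip, findtime, maxretry and bantime values above to show which hosts would be banned. The log lines, their simplified timestamp prefix and the function names are assumptions made for illustration, and the window logic is a simplified model of the jail.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Values copied from the jail.local above.
IGNOREIP = ["192.168.56.2/24"]
BANTIME, FINDTIME, MAXRETRY = 21600, 300, 3

# Constructed sample lines (not real logs); the timestamp prefix is simplified.
SAMPLE_LOG = """\
2024-05-01T10:00:00 sshd[811]: Failed password for root from 203.0.113.7 port 40110 ssh2
2024-05-01T10:01:30 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
2024-05-01T10:02:00 sshd[815]: Failed password for root from 192.168.56.77 port 51000 ssh2
2024-05-01T10:02:05 sshd[816]: Failed password for root from 192.168.56.77 port 51002 ssh2
2024-05-01T10:02:09 sshd[817]: Failed password for root from 192.168.56.77 port 51004 ssh2
2024-05-01T10:04:59 sshd[820]: Failed password for root from 203.0.113.7 port 40120 ssh2
2024-05-01T10:20:00 sshd[830]: Failed password for root from 198.51.100.9 port 33000 ssh2
2024-05-01T10:26:00 sshd[831]: Failed password for root from 198.51.100.9 port 33002 ssh2
2024-05-01T10:32:00 sshd[832]: Failed password for root from 198.51.100.9 port 33004 ssh2
"""

FAILURE = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def is_ignored(ip, ignore=IGNOREIP):
    # strict=False accepts host bits, so 192.168.56.2/24 is read as 192.168.56.0/24.
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n, strict=False) for n in ignore)

def simulate(log=SAMPLE_LOG):
    """Return {ip: (ban_start, ban_end)} in epoch seconds for hosts that would be banned."""
    recent, bans = defaultdict(deque), {}
    for line in log.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1) + "+00:00").timestamp(), m.group(2)
        if is_ignored(ip) or (ip in bans and ts < bans[ip][1]):
            continue  # exempt host, or already banned at this time
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > FINDTIME:  # drop failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + BANTIME)
            window.clear()
    return bans

if __name__ == "__main__":
    print(simulate())
```

Only 203.0.113.7 is banned: 192.168.56.77 is exempt because it falls inside the /24, and 198.51.100.9 fails three times but never within one 300-second window.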

Next, start and enable the fail2ban service, then check that it is up and running using the following systemctl commands.

systemctl start fail2ban
systemctl enable fail2ban
systemctl status fail2ban

Monitoring Failed and Banned IP Address Using fail2ban-client

After configuring fail2ban to secure sshd, you can monitor failed and banned IP addresses using fail2ban-client. To view the current status of the fail2ban server, use the following command.
fail2ban-client status 

To monitor the sshd jail:

fail2ban-client status sshd 
Next, run the command below to unban an IP address in fail2ban.
fail2ban-client unban 192.168.56.1 

For more information on fail2ban, read the following man pages.

man jail.conf
man fail2ban-client
Good job! Having reached this point, you have finished the tutorial.