Installing Fail2Ban on CentOS 7

Fail2Ban is an application that provides protection against malicious attacks on your server by monitoring log files and automatically banning IP addresses that show signs of suspicious activity.

Step 1: Update System Packages

To begin, make sure your system is up to date by running the following commands:

         $ sudo yum update $ sudo reboot     

Step 2: Install Fail2Ban

Install Fail2Ban using the following command:

         $ sudo yum install epel-release $ sudo yum install fail2ban     

Step 3: Configure Fail2Ban

Edit the main configuration file using the command:

         $ sudo nano /etc/fail2ban/jail.conf     

Specify the IP address or CIDR range of your server in the "ignoreip" section to prevent it from being banned accidentally.

Next, you can customize various options such as ban time, maximum number of failed attempts, etc. as per your requirement.

Step 4: Start Fail2Ban

Start the Fail2Ban service and enable it to start automatically on boot:

         $ sudo systemctl start fail2ban $ sudo systemctl enable fail2ban     

Step 5: Checking Fail2Ban Status

You can check the status of Fail2Ban using the command:

         $ sudo fail2ban-client status     

Step 6: Configuring Services

Fail2Ban comes with some predefined filters for services like SSH, Apache, etc. You can enable/disable these filters according to your needs.

For example, to enable SSH protection, create a symlink for the SSH jail configuration file:

         $ sudo ln -s /etc/fail2ban/jail.d/sshd.conf /etc/fail2ban/jail.local     

Reload Fail2Ban for the changes to take effect:

         $ sudo systemctl restart fail2ban     

Step 7: Checking Banned IP Addresses

To view the list of banned IP addresses, use the command:

         $ sudo fail2ban-client status [jail name]     

Conclusion

Congratulations! You have successfully installed and configured Fail2Ban on your CentOS 7 server. It will now actively monitor your log files and protect your server against malicious activities.