How to Install Fail2Ban on CentOS 7

As usual CentOS 7 brings many adventures to the sysadmin and installing Fail2Ban was no exception.

We need the epel repo installed.
sudo yum install epel-release

Install the following two fail2ban packages.
sudo yum install fail2ban fail2ban-systemd

Make the local jail file by copying jail.conf
cp -pf /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

To this file I add my home IP address to the ignoreip line.
sudo vim /etc/fail2ban/jail.local

Create the sshd jail.
sudo vim /etc/fail2ban/jail.d/sshd.local

Add the following to this file. Note that the first banaction item would not work for me and I had to use iptables-allports. Read more at centos.org and here on github.

[sshd]
enabled = true
port = ssh
#banaction = firewallcmd-ipset
banaction = iptables-allports
logpath = %(sshd_log)s
maxretry = 5
bantime = 86400

Issue the usual start and enable commands.
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Check on the status of our jail.
sudo fail2ban-client status sshd

View the firewall rules associated with any bans.
sudo iptables -L -n

Leave a comment

Your email address will not be published. Required fields are marked *