Difference between revisions of "CentOS 7.x fail2ban"

From Notes_Wiki
m
m
Line 4: Line 4:
To configure fail2ban on CentOS 7.x use:
To configure fail2ban on CentOS 7.x use:


# yum -y install epel-release
# Install fail2ban using
# yum -y install fail2ban
#:<pre>
# cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
#::  yum -y install epel-release
# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
#:: yum -y install fail2ban
# vim /etc/fail2ban/jail.local
#:</pre>
# Create a local copy of configuration files for local modifications.  We should not modify .conf files directly as they would get overwritten during package upgrades
#:<pre>
#:: cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
#:: cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
#:</pre>
# Edit /etc/fail2ban/jail.local to set backend to systemd and to also enable jail for sshd
#:<pre>
#:<pre>
#::      ...
#::      ...
Line 17: Line 23:
#::      ...
#::      ...
#:</pre>
#:</pre>
# systemctl start fail2ban
# Start and enable fail2ban on system boot
# systemctl enable fail2ban
#:<pre>
# fail2ban-client status
#:: systemctl start fail2ban
# fail2ban-client status sshd
#:: systemctl enable fail2ban
#:</pre>
# Ensure that firewalld is enabled as that is required by fail2ban using [[CentOS 7.x Basic firewalld configuration]]
# Verify that fail2ban is running with at least 1 jail and that jail has one or more blocked IPs
#:<pre>
#:: fail2ban-client status
#:: fail2ban-client status sshd
#:</pre>
 


There is also older article on fail2ban at [[Fail2ban]]
There is also older article on fail2ban at [[Fail2ban]]

Revision as of 08:16, 17 October 2018

<yambe:breadcrumb>CentOS_7.x_Security_Tools|CentOS 7.x Security Tools</yambe:breadcrumb>

CentOS 7.x fail2ban

To configure fail2ban on CentOS 7.x use:

  1. Install fail2ban using
    yum -y install epel-release
    yum -y install fail2ban
  2. Create a local copy of configuration files for local modifications. We should not modify .conf files directly as they would get overwritten during package upgrades
    cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
    cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  3. Edit /etc/fail2ban/jail.local to set backend to systemd and to also enable jail for sshd
    ...
    backend=systemd
    ...
    [sshd]
    enabled = true
    ...
  4. Start and enable fail2ban on system boot
    systemctl start fail2ban
    systemctl enable fail2ban
  5. Ensure that firewalld is enabled as that is required by fail2ban using CentOS 7.x Basic firewalld configuration
  6. Verify that fail2ban is running with at least 1 jail and that jail has one or more blocked IPs
    fail2ban-client status
    fail2ban-client status sshd


There is also older article on fail2ban at Fail2ban


In case of email server using postfix and dovecot add

   enabled=true

under dovecot and posfix-sasl also. This would then create three jails including sshd.


Refer: