How to install fail2ban on CentOS 5.x/6.x and RHEL 5.x/6.x – Protect SSH/FTP using fail2ban

Fail2ban is a security application for Unix-based servers. It is commonly used to protect SSH and FTP from unauthorized connections. Here I explain the installation and basic configuration steps for fail2ban on CentOS 5.x/6.x and RHEL 5.x/6.x operating systems.

Working:
Put simply, fail2ban scans log files for failed and fraudulent login attempts and blocks the IP addresses they come from. It typically does this by updating the iptables rules to reject those addresses: it picks the offending IP address out of the server's log files and rejects it for a set period of time using iptables. This is very helpful for protecting the server from brute-force attacks. Fail2ban can protect different services on the server, such as SSH, FTP, Apache, Lighttpd etc. Installing and configuring it is simple.

For more protection you can install and configure firewall applications such as CSF or APF. Here are the links for those:

APF installation steps for Linux server
CSF installation steps for Linux server

Fail2ban Installation Steps:

Step 1 : Repository Installation.
The fail2ban package is available in the EPEL RPM repository. Make sure that your server has this repo enabled before installing fail2ban; if it does not, install the repo first. The repo installation commands for CentOS and RHEL are listed below:

CentOS/RHEL 6, 32 Bit (i386):
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
CentOS/RHEL 6, 64 Bit (x86_64):
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
CentOS/RHEL 5, 32 Bit (i386):
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
CentOS/RHEL 5, 64 Bit (x86_64):
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

Step 2 : Install package using YUM:

# yum install fail2ban

Done 🙂. That single step is all it takes to install the fail2ban package.

Basic setup for fail2ban configuration:

The fail2ban configuration file is located under /etc. Its path is:

# /etc/fail2ban/jail.conf

Basic configurations are listed under the [DEFAULT] heading in the configuration file for fail2ban.
Examples:

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

The fail2ban conf file contains many more jails, such as ssh-iptables, proftpd-iptables, sasl-iptables, apache-tcpwrapper etc.

How to protect SSH/SFTP using fail2ban?

After the basic settings in the conf file, you will find the section for SSH, [ssh-iptables]. Update the section and restart the fail2ban service.

Example:

[ssh-iptables]

enabled  = true
filter   = sshd
# The sender address below is a placeholder; use your own.
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
logpath  = /var/log/secure
maxretry = 5

# service fail2ban restart
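
To make the counting behind these settings concrete, here is an added example (not part of the original post and not fail2ban's own code) that replays log lines through the ignoreip / findtime / maxretry / bantime logic described above, using the [ssh-iptables] maxretry of 5. The regex is a simplified stand-in for the sshd filter, the names simulate and sample are hypothetical, and the log lines are constructed with documentation-range IPs.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for the sshd filter; the one shipped with fail2ban has more patterns.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+")

def simulate(lines, maxretry=5, findtime=600, bantime=600, ignoreip=("127.0.0.1",)):
    """Return [(ip, banned_at, unbanned_at)] as HH:MM:SS strings."""
    # Only IPs and CIDR masks are handled here, not DNS names.
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    recent = defaultdict(deque)      # ip -> failure times still inside findtime
    banned_until = {}                # ip -> time at which the ban expires
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # syslog lines carry no year; a fixed one is assumed for the arithmetic
        ts = datetime.strptime("2015 " + m.group(1), "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in ignored):
            continue                 # ignoreip: never counted, never banned
        if ip in banned_until and ts < banned_until[ip]:
            continue                 # ban still active
        window = recent[ip]
        window.append(ts)
        while window and window[0] <= ts - timedelta(seconds=findtime):
            window.popleft()         # failures older than findtime are forgotten
        if len(window) >= maxretry:
            end = ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, f"{ts:%H:%M:%S}", f"{end:%H:%M:%S}"))
            window.clear()
    return bans

def sample(ip, times):
    """Constructed /var/log/secure lines (documentation-range IPs, not real traffic)."""
    return [f"Mar 14 {t} host1 sshd[4242]: Failed password for root from {ip} port 51000 ssh2"
            for t in times]

LOG = sorted(
    sample("203.0.113.7", ["12:00:00", "12:00:10", "12:00:20", "12:00:30", "12:00:40"])
    + sample("198.51.100.20", ["12:00:05", "12:03:05", "12:06:05", "12:09:05", "12:12:05"])
    + sample("127.0.0.1", ["12:20:00", "12:20:01", "12:20:02", "12:20:03", "12:20:04"]))

if __name__ == "__main__":
    print(simulate(LOG))
```

With maxretry = 5 only 203.0.113.7 is banned; rerunning with maxretry=3 (the [DEFAULT] value) also bans 198.51.100.20, which is a quick way to see what a findtime or maxretry change would do before editing jail.conf.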

Protect your FTP server by using fail2ban:

Example:

[proftpd-iptables]

# "enabled" must be true for the jail to be active.
enabled  = true
filter   = proftpd
# The dest address below is a placeholder; use your own.
action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=ProFTPD, dest=you@example.com]
logpath  = /var/log/proftpd/proftpd.log
maxretry = 6

# service fail2ban restart

That’s it.

Arunlal Ashok

8 Responses

  1. Arun Chaudhary says:

    Nice Explanation..

  2. xavier says:

    Hi Arun,

    I was trying to install fail2ban on CentOS 6.5. It gives me the following error regarding the ipset dependency not existing. But I read that ipset is only optional. How do I install fail2ban without ipset (ipset is not in the EPEL repository)?

    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package fail2ban.noarch 0:0.9.2-1.el6 will be installed
    --> Processing Dependency: python-inotify for package: fail2ban-0.9.2-1.el6.noarch
    --> Processing Dependency: ipset for package: fail2ban-0.9.2-1.el6.noarch
    --> Running transaction check
    ---> Package fail2ban.noarch 0:0.9.2-1.el6 will be installed
    --> Processing Dependency: ipset for package: fail2ban-0.9.2-1.el6.noarch
    ---> Package python-inotify.noarch 0:0.9.1-1.el6 will be installed
    --> Finished Dependency Resolution
    Error: Package: fail2ban-0.9.2-1.el6.noarch (epel)
    Requires: ipset

  3. Joe says:

    Wouldn’t you want to chkconfig fail2ban on / systemctl enable fail2ban as well or does it do that automatically?

  4. rayner says:

    Hi Arun

    I installed Fail2ban on CentOS 5.9 32-bit and it is running very well, but when it bans an IP it puts it in iptables as reject. How can I change it to put these IPs in iptables as drop?

    thanks for all
