Actual Admins

Fail2Ban setup on CentOS 7

Jeroen Hensing, June 21, 2016

I recently set up a CentOS 7 server that, regrettably, needs SSH open to the outside world. As I don’t dabble in CentOS that much, I thought I’d write out the instructions for installing fail2ban, for myself and others. Fail2ban blocks hosts that try to brute-force your server with lots of different passwords and usernames. I had 2650 attempts this morning in 4 hours’ time, so it was time to get this done.

sudo yum install -y epel-release

As fail2ban is not part of the default CentOS repositories, you need to add the ‘Extra Packages for Enterprise Linux’ (EPEL) package, which automatically adds some repositories.
For some (CentOS) reason this can cause issues with yum. To test, try the following:

yum update

The following is partial output; just check for ‘404 – Not Found’ errors, like:

https://nl.mirror.babylon.network/epel/7/x86_64/repodata/5fb9b68ae651689bab4b7e0add1152e3d2f4d03643eecb90e6bc856312d6a0a8-primary.sqlite.xz: [Errno 14] HTTPS Error 404 - Not Found

The fix is easy (I use nano, but vi, vim or any other editor can of course be used):

nano /etc/yum.repos.d/epel.repo

Now uncomment the ‘baseurl’ lines by removing the # in front of them, and comment out the ‘mirrorlist’ lines by adding a # in front of them. Save and exit the editor. Running ‘yum update’ again should no longer give errors.

yum install -y fail2ban

This will install the package. To configure it, run the following lines:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
nano /etc/fail2ban/jail.local

This copies the default configuration and opens the copy for editing. At the beginning of this file add the following (the same lines are already there, commented out, so you can also just uncomment them):

[DEFAULT]
bantime = 3600

[sshd]
enabled=true

You can change the default bantime of 3600 seconds (= 1 hour) to anything you like. Now look for a line like “ignoreip = 127.0.0.1/8”, and change it to:

ignoreip = 127.0.0.1/8 myhost.myisp.nl

Replace ‘myhost.myisp.nl’ with the (external) IP address or hostname of the host you’d like to whitelist. This prevents you from being banned in case you mistype your password a few times.

Now that we’ve got the basic setup done, enable it as such:

systemctl enable fail2ban
systemctl start fail2ban

Your system should now be actively blocking hosts that brute-force or try out your SSH service. To check the fail2ban status, run the following:

fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd

To check the status of the sshd jail specifically, run the following (banned IP obfuscated on purpose):

fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 1
| |- Total failed: 21
| `- File list: /var/log/secure
`- Actions
 |- Currently banned: 1
 |- Total banned: 1
 `- Banned IP list: 120.24.*.*

As you can see, the service is merrily blocking attempts. There’s a lot more you can do with it besides blocking sshd attempts, and more commands than the few I’ve shown, but this should help you on your way. Good luck!
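To see how many failed attempts each source address is making, like the count mentioned at the start, the following added example (not part of the original post) tallies "Failed password" lines per address in a /var/log/secure-style log. The function names, the sample log lines and the threshold of 3 are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally failed SSH password attempts per source address
# from /var/log/secure-style lines. Function names are hypothetical.

# Constructed sample lines (documentation address ranges, made-up host/users).
write_sample_log() {
    cat > "$1" <<'EOF'
Jun 21 06:12:01 myhost sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jun 21 06:12:05 myhost sshd[2203]: Failed password for root from 203.0.113.7 port 51130 ssh2
Jun 21 06:12:09 myhost sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 51138 ssh2
Jun 21 06:13:40 myhost sshd[2211]: Accepted password for jeroen from 192.0.2.10 port 40022 ssh2
Jun 21 06:14:02 myhost sshd[2215]: Failed password for root from 198.51.100.23 port 33810 ssh2
Jun 21 06:14:30 myhost sshd[2219]: Failed password for invalid user oracle from 203.0.113.7 port 51150 ssh2
EOF
}

# Print "COUNT ADDRESS" per source, busiest first.
# The address is read from the fixed tail of the line ("from ADDR port N ssh2")
# because the user name earlier in the line is client-supplied text.
failed_ssh_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / &&
         $(NF-4) == "from" && $(NF-2) == "port" { count[$(NF-3)]++ }
         END { for (ip in count) print count[ip], ip }' "$1" |
        sort -k1,1nr -k2,2
}

# Print the addresses with at least MIN failures.
noisy_ips() {
    failed_ssh_by_ip "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

# Demo: pass a real log as $1 (e.g. /var/log/secure, as root); otherwise use the sample.
if [ $# -ge 1 ]; then log=$1; else log=$(mktemp); write_sample_log "$log"; fi
failed_ssh_by_ip "$log"
echo "3 or more failures: $(noisy_ips "$log" 3)"
[ $# -ge 1 ] || rm -f "$log"
```

Comparing this tally with the ‘Total failed’ and ‘Banned IP list’ lines from fail2ban-client shows whether the noisiest addresses are the ones being banned.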
