How to Install Fail2Ban on AlmaLinux 8
To install Fail2ban, the EPEL repository needs to be installed first.
yum install epel-release
Note: This will prompt for confirmation several times. Press "y" and "Enter" to continue.
Next, install the fail2ban package.
yum install fail2ban
Note: This will prompt for confirmation several times. Press "y" and "Enter" to continue.
Set fail2ban to start on boot automatically,
systemctl enable fail2ban
Configuring local file settings.
jail.conf contains the sections in which the configuration settings for fail2ban are defined. We are not going to edit this file, because a package upgrade can overwrite it.
jail.local contains the same sections as jail.conf, and its values override those in jail.conf.
Files in /etc/fail2ban/jail.d/ can override both the jail.local and jail.conf files.
First we begin with the jail.local file.
Open the file for editing,
nano /etc/fail2ban/jail.local
Add the following content,
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
[sshd]
enabled = true
If the server uses firewalld instead of iptables, simply comment out the banaction line.
Restart the Fail2Ban service to load the new settings.
systemctl restart fail2ban
To check the status,
fail2ban-client status
Output:
Status
|- Number of jail: 1
`- Jail list: sshd
To view detailed information about the sshd jail,
fail2ban-client status sshd
Modify the content of the file /etc/fail2ban/jail.local
nano /etc/fail2ban/jail.local
Setting ban time
#ban time setting to 600sec
bantime = 600
Setting conditions to ban a client
findtime = 600
maxretry = 3
In this example, a client is blocked if it makes 3 unsuccessful login attempts within 10 minutes.
To check the details of banned IPs and number of login attempts,
fail2ban-client status sshd
Output:
[root@server ~]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 10
|  |- Total failed: 84
|  `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 11
   |- Total banned: 11
   `- Banned IP list: 221.131.165.85 74.208.253.184 159.65.125.169 118.27.19.199 211.144.221.226 203.137.195.133 120.92.150.145 103.16.202.187 68.183.140.19 221.131.165.124 191.235.98.48