In this guide you’ll learn how to install fail2ban on CentOS 7, and why fail2ban it’s a must for your SSH server.

No matter if your server is private and it’s only you who uses it, that doesn’t mean you will never be target of bad guys.

How does fail2ban work?

Fail2ban is a service that will log actions of IPs that will try to access your server, in short fail2ban will keep bad guys away from your server.

Before we get started, make sure your system is up to date

sudo yum update

Step 2 – Install epel release

In order to install fail2ban, you need to have epel release (Extra packages for Enterprise Linux) installed on your system, as fail2ban it’s not included on CentOS package repository.

sudo yum install epel-release

Step 3 – Install Fail2ban

sudo yum install fail2ban

Step 4 – Creating local config file

After installing fail2ban, you need to create a new local config file that will be used by fail2ban as the main config file. Fail2ban stores all configs by default on "/etc/fail2ban/jail.conf" but we dont want to touch that file as it can be overwritten by other packages when you update the system.

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

New config file will be located at /etc/fail2ban/jail.local

Step 5 – Configuring jail.local file

sudo nano /etc/fail2ban/jail.local ----- Copy and paste the config below to your jail.local file [sshd] enabled = true ignoreip = 127.0.0.1/8 bantime = 3600 port = ssh logpath = %(sshd_log)s maxretry = 3 -----

Ignoreip = Fail2ban will ignore IPs you put here, you’re telling to fail2ban do not ban my Ip if i set wrong password x time(s)

= Fail2ban will ignore IPs you put here, you’re telling to fail2ban do not ban my Ip if i set wrong password x time(s) bantime = How long you want to keep IPs banned

= How long you want to keep IPs banned logpath = This option allows you to define the logpath where the fail2ban will store its logs

= This option allows you to define the logpath where the fail2ban will store its logs maxretry = Number of failures before the ip address gets banned

Step 6 – Setting up startup

systemctl enable fail2ban systemctl start fail2ban

Check fail2ban logs

tail -f /var/log/secure

Fail2ban useful commands

Start fail2ban

systemctl start fail2ban

Stop fail2ban

systemctl stop fail2ban

Restart fail2ban

systemctl restart fail2ban

Check fail2ban status

systemctl status fail2ban