Actual Admins


Fail2Ban setup on CentOS 7

Jeroen Hensing | June 21, 2016 | February 12, 2017

I set up a CentOS 7 server recently that regrettably needs open SSH to the outside world. As I don’t dabble in CentOS that much, I thought I’d write out the instructions for myself and others to install fail2ban. This will block people trying to brute-force your server with lots of different passwords and usernames. I had 2650 attempts this morning in 4 hours' time, so it was time to get this done.

sudo yum install -y epel-release

As fail2ban is not part of the default CentOS repositories, you need to add the ‘Extra Packages for Enterprise Linux’ package, which will automatically add some repositories.
For some (CentOS) reason this causes some issues with yum. To test, try the following:

yum update

Below is some partial output. Check it for ‘404 – Not Found’ errors like this one:

https://nl.mirror.babylon.network/epel/7/x86_64/repodata/5fb9b68ae651689bab4b7e0add1152e3d2f4d03643eecb90e6bc856312d6a0a8-primary.sqlite.xz: [Errno 14] HTTPS Error 404 - Not Found

The fix is easy (I use nano, but vi, vim or any other editor can be used of course):

nano /etc/yum.repos.d/epel.repo

Now uncomment the ‘baseurl’ lines by removing the # in front of them, and comment out the ‘mirrorlist’ lines by adding a # in front of them. Save and exit the editor. Running ‘yum update’ again should no longer produce errors.

yum install -y fail2ban

This will install the package. To configure it, run the following lines:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
nano /etc/fail2ban/jail.local

This copies the default configuration to jail.local and opens the copy for editing. At the beginning of this file add the following (the same lines are already there, commented out, so you can also just uncomment them):

[DEFAULT]
bantime = 3600

[sshd]
enabled=true

You can change the default bantime of 3600 seconds (= 1 hour) to anything you like. Now look for a line like “ignoreip = 127.0.0.1/8”, and change it to:

ignoreip = 127.0.0.1/8 myhost.myisp.nl

Replace ‘myhost.myisp.nl’ with the (external) IP address or hostname of the host you’d like to whitelist. This prevents you from being banned in case you mistype your password a few times.
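How bantime and ignoreip play out against /var/log/secure, as an added example that is not from the original post and is not fail2ban's own code: a simplified model in which an address is banned for bantime seconds once it reaches maxretry failures within findtime seconds. The findtime and maxretry values, the whitelisted address and the log lines are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified model, not fail2ban's code. bantime is the post's value; findtime,
# maxretry and the whitelisted address are assumed values for this example.
BANTIME, FINDTIME, MAXRETRY = 3600, 600, 5
IGNOREIP = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "198.51.100.7/32")]
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate(lines, year=2016):
    """Return (ip, banned_at, banned_until) for every ban the lines would trigger."""
    recent = defaultdict(deque)      # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue                 # ignoreip: never counted, never banned
        if ts < banned_until.get(ip, ts):
            continue                 # still banned: a real ban blocks these attempts
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=FINDTIME):
            q.popleft()              # forget failures older than findtime
        if len(q) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((str(ip), ts, banned_until[ip]))
            q.clear()
    return bans

def _line(hms, ip, user="root"):     # builds one constructed /var/log/secure line
    return f"Jun 21 {hms} host1 sshd[4242]: Failed password for {user} from {ip} port 50022 ssh2"

SAMPLE = (                           # constructed input, documentation-range addresses
    [_line(f"08:00:{s:02d}", "203.0.113.50") for s in range(0, 60, 10)]         # fast guessing
    + [_line(f"08:01:{s:02d}", "198.51.100.7", "admin") for s in range(6)]      # whitelisted
    + [_line(f"{h:02d}:30:00", "192.0.2.9", "invalid user test") for h in range(9, 15)]  # slow
)

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"{ip} banned {start:%H:%M:%S} until {end:%H:%M:%S}")
```

The slow guesser at one attempt per hour is never banned in this model, which is the trade-off a short findtime makes.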

Now that we’ve got the basic setup done, enable and start the service:

systemctl enable fail2ban
systemctl start fail2ban

Your system should now be actively blocking people brute-forcing your SSH. To check the fail2ban status, run the following:

fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd

To check the status of the sshd jail specifically, run the following (banned IP obfuscated on purpose):

fail2ban-client status sshd
Status for the jail: sshd
|- Filter
| |- Currently failed: 1
| |- Total failed: 21
| `- File list: /var/log/secure
`- Actions
 |- Currently banned: 1
 |- Total banned: 1
 `- Banned IP list: 120.24.*.*

As you can see, the service is merrily blocking attempts. There’s a lot more you can do with fail2ban besides blocking sshd attempts, and more commands than the few I’ve shown, but this should help you on your way. Good luck!
