Fail2Ban is a program that monitors failed login attempts and automatically blocks access.

Installation

On Fedora, install the fail2ban package.

On CentOS or Red Hat Enterprise Linux, install the package from EPEL.

Configuration

Put your changes in /etc/fail2ban/jail.local. The default settings and the configuration documentation can be viewed in /etc/fail2ban/jail.conf.

I am currently using the following configuration:

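# fail2ban reads settings per section; the [DEFAULT] / [sshd] split below is assumed.
[DEFAULT]
# Ban time in seconds
# One month
bantime = 2592000

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

# Empty: no address is exempt from banning
ignoreip =

[sshd]
# 3 failures within 12 hours
findtime = 43200
maxretry = 3

enabled = true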

Usage

Start Fail2Ban:

systemctl start fail2ban
systemctl enable fail2ban

You can check the status by reading the fail2ban log.

tail -f /var/log/fail2ban.log

The iptables rules should also be updated automatically when bans happen. You should see an f2b-sshd chain in iptables for SSH bans.
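
To go from the raw log to a list of addresses that are still banned, the Ban and Unban lines can be replayed in order. This is an added example, not part of the original page: the function names active_bans and sample_log are made up here, the log lines are constructed, and the field layout assumed is fail2ban's default log format.

```shell
#!/bin/sh
# Added example: derive the currently banned addresses from fail2ban log text.

# Reads log lines on stdin, prints "jail address" for every ban not yet lifted.
active_bans() {
    awk '
        # Only the actions component records bans; skip filter "Found" lines.
        $3 == "fail2ban.actions" {
            jail = $6
            gsub(/\[|\]/, "", jail)          # "[sshd]" -> "sshd"
            # Scan for the verb so "Restore Ban" (after a restart) is also counted.
            for (i = 7; i < NF; i++) {
                if ($i == "Ban")   { banned[jail " " $(i + 1)] = 1; break }
                if ($i == "Unban") { delete banned[jail " " $(i + 1)]; break }
            }
        }
        END { for (k in banned) print k }
    ' | sort
}

# Constructed sample input (documentation address ranges, not real hosts).
sample_log() {
cat <<'EOF'
2024-01-15 10:23:45,123 fail2ban.filter         [1234]: INFO    [sshd] Found 203.0.113.5 - 2024-01-15 10:23:44
2024-01-15 10:23:45,456 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 203.0.113.5
2024-01-15 11:02:10,001 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 198.51.100.7
2024-01-15 11:05:00,000 fail2ban.actions        [1234]: WARNING [sshd] 203.0.113.5 already banned
2024-01-15 12:00:00,000 fail2ban.actions        [1234]: NOTICE  [sshd] Unban 198.51.100.7
2024-01-16 08:00:00,000 fail2ban.actions        [1234]: NOTICE  [sshd] Restore Ban 192.0.2.44
EOF
}

# On a real host: active_bans < /var/log/fail2ban.log
sample_log | active_bans
```

With a one-month bantime the original Ban line may already have been rotated out of /var/log/fail2ban.log, so compare the result against `fail2ban-client status sshd` and the f2b-sshd chain.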

See Also