Fail2Ban is a program that monitors failed login attempts and automatically blocks access.

Installation[edit]

On Fedora, install the fail2ban package.

On CentOS or RedHat Enterprise Linux, install the package from EPEL.

Configuration[edit]

Make any changes to /etc/fail2ban/jail.local. The default settings and the configuration documentation can be viewed at /etc/fail2ban/jail.conf.

I am currently using the following configuration:

[DEFAULT]
#
# Ban hosts in seconds
#
# One month
bantime = 2592000

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

ignoreip = 127.0.0.1/8 172.20.1.0/24 96.30.20.0/24 67.227.194.37/23

# 12 hours, 3 fail
findtime = 43200
maxretry = 3

[sshd]
enabled = true

Usage[edit]

Start Fail2Ban:

systemctl start fail2ban
systemctl enable fail2ban

You can check the status by reading the fail2ban log.

tail -f /var/log/fail2ban.log

IPTables should also be automatically updated when bans happen. You should see a f2b-sshd chain in IPTables for SSH bans.

See Also[edit]