Fail2ban
Fail2Ban is a program that monitors failed login attempts and automatically blocks access.
Installation
On Fedora, install the fail2ban package.
On CentOS or Red Hat Enterprise Linux, install the package from EPEL.
Configuration
Make any changes in /etc/fail2ban/jail.local. The default settings and the configuration documentation can be viewed in /etc/fail2ban/jail.conf.
I am currently using the following configuration:
[DEFAULT]
# Ban duration, in seconds
# One month (30 days)
bantime = 2592000
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
ignoreip = 127.0.0.1/8 172.20.1.0/24 96.30.20.0/24 67.227.194.37/23
# Ban after 3 failures within 12 hours (findtime is in seconds)
findtime = 43200
maxretry = 3
[sshd]
enabled = true
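The following added example (not part of the original page and not Fail2Ban's own code) models how the findtime, maxretry, bantime and ignoreip values above interact, run over constructed log lines. The log line format, the regex and the treatment of ignoreip entries with host bits set as their enclosing network are assumptions of this model.

```python
import ipaddress
import re
from datetime import datetime

# Values copied from the jail.local shown above.
FINDTIME, MAXRETRY, BANTIME = 43200, 3, 2592000   # seconds, failures, seconds
IGNOREIP = "127.0.0.1/8 172.20.1.0/24 96.30.20.0/24 67.227.194.37/23"
# strict=False accepts entries with host bits set (127.0.0.1/8, 67.227.194.37/23)
# and reads them as the enclosing network; that reading is an assumption of this model.
IGNORED = [ipaddress.ip_network(n, strict=False) for n in IGNOREIP.split()]
# Simplified pattern for this model; the real sshd filter matches many more messages.
FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def simulate(lines):
    """Return {ip: (ban_start, ban_end)} in epoch seconds for the given log lines."""
    failures, bans = {}, {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1)).timestamp()
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in IGNORED):
            continue                      # ignoreip: never counted, never banned
        key = str(ip)
        if key in bans and ts < bans[key][1]:
            continue                      # ban still active
        # Keep only failures that fall inside the sliding findtime window.
        window = [t for t in failures.get(key, []) if ts - t <= FINDTIME] + [ts]
        failures[key] = window
        if len(window) >= MAXRETRY:
            bans[key] = (ts, ts + BANTIME)
            failures[key] = []
    return bans

def _line(ts, ip):
    return f"{ts}+00:00 sshd[4242]: Failed password for root from {ip} port 50022 ssh2"

# Constructed sample log lines (documentation addresses plus one ignoreip address).
SAMPLE = [_line(t, ip) for t, ip in [
    ("2024-01-01T00:00:00", "203.0.113.5"), ("2024-01-01T00:00:00", "198.51.100.7"),
    ("2024-01-01T00:01:00", "67.227.195.10"), ("2024-01-01T00:02:00", "67.227.195.10"),
    ("2024-01-01T00:03:00", "67.227.195.10"), ("2024-01-01T05:00:00", "203.0.113.5"),
    ("2024-01-01T06:00:00", "198.51.100.7"), ("2024-01-01T11:00:00", "203.0.113.5"),
    ("2024-01-01T13:00:00", "198.51.100.7"),
]]

if __name__ == "__main__":
    print(simulate(SAMPLE))
```

Only 203.0.113.5 is banned: 198.51.100.7 spreads its three failures over 13 hours, so the first one has left the 12-hour window, and 67.227.195.10 falls inside the /23 listed in ignoreip.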
Usage
Start Fail2Ban and enable it at boot:
systemctl start fail2ban
systemctl enable fail2ban
You can check the status by reading the fail2ban log.
tail -f /var/log/fail2ban.log
IPTables should also be automatically updated when bans happen. You should see an f2b-sshd chain in IPTables for SSH bans.