Fail2Ban is an intrusion prevention framework that protects servers from brute force attacks. It is written in Python and runs on POSIX systems that have an interface to a locally installed packet-control system or firewall, such as TCP Wrapper or iptables. This guide walks through every step needed to install Fail2Ban on CentOS. We will install it on a CentOS 7 VPS so that the VPS is protected from brute force attacks. In my previous articles I mentioned some basic configurations that were required for a new CentOS server, including changing the default SSH port and disabling direct root login. That may be enough in some cases, but not in all: brute force attacks can run continuously without pause, and the way to stop them is to ban the source IP so that the attack cannot continue from it. Once that is done, an attacker needs many IPs to keep attacking. That is why we are introducing Fail2Ban: it gives you the ability to detect and stop SSH brute force attacks and protect your server.
Fail2Ban works by scanning and monitoring log files for selected entries. IPs that show signs of malicious activity, such as many password failures or probing for exploits, are banned. Fail2Ban ships with filters for many services, including courier, apache and SSH.
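To show what "many password failures" looks like from the log-scanning side, here is an added illustration (not code from the article or from the Fail2Ban project): a small shell imitation of the sshd filter that counts "Failed password" lines per source IP in constructed /var/log/secure lines and reports the addresses that reach a maxretry threshold. Unlike Fail2Ban it ignores the findtime window and bans nothing; it only reveals which addresses the real tool would act on. The host name, PIDs and IPs in the sample are made up.

```shell
#!/bin/sh
# Added illustration, not part of the original article: count sshd
# "Failed password" lines per source IP and report those at or above
# a maxretry threshold. Findtime is ignored; nothing is banned.

# Constructed sample of /var/log/secure lines (fake host, documentation IPs).
SAMPLE_LOG='Mar  3 10:00:01 vps sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:00:03 vps sshd[1235]: Failed password for root from 203.0.113.7 port 51235 ssh2
Mar  3 10:00:05 vps sshd[1236]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  3 10:00:09 vps sshd[1237]: Accepted password for alice from 198.51.100.2 port 40000 ssh2
Mar  3 10:00:11 vps sshd[1238]: Failed password for alice from 198.51.100.2 port 40001 ssh2
Mar  3 10:00:15 vps sshd[1239]: Connection closed by 203.0.113.7 port 51237 [preauth]'

# failing_ips MAXRETRY   (log lines on stdin)
# Prints, sorted and one per line, every IP with at least MAXRETRY failures.
failing_ips() {
  awk -v max="$1" '
    /sshd\[[0-9]+\]: Failed password for/ {
      # the source address is the field right after the word "from"
      for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
    }
    END { for (ip in fails) if (fails[ip] >= max) print ip }
  ' | sort
}

# failure_count IP   (log lines on stdin)
# Prints how many failed-password lines were seen for exactly that IP.
failure_count() {
  awk -v want="$1" '
    /sshd\[[0-9]+\]: Failed password for/ {
      for (i = 1; i <= NF; i++) if ($i == "from" && $(i + 1) == want) n++
    }
    END { print n + 0 }
  '
}

# Stand-alone run: compare the default maxretry of 5 with a stricter 3.
if [ "${1:-}" = "--demo" ]; then
  echo "maxretry=5:"; printf '%s\n' "$SAMPLE_LOG" | failing_ips 5
  echo "maxretry=3:"; printf '%s\n' "$SAMPLE_LOG" | failing_ips 3
fi
```

With maxretry set to 3, only 203.0.113.7 is reported; the single failure from 198.51.100.2 (a legitimate user mistyping once) stays below the threshold, which is exactly the balance the maxretry and findtime settings later in this guide let you tune.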
The first step is to log into your server as root or as a user with root privileges.
Fail2Ban is not available in the default CentOS repositories, so it cannot be installed directly with yum. First add the EPEL repo:
For CentOS 6:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
For CentOS 7:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-1.noarch.rpm
The picture that is given below is for CentOS7:
If for some reason these repo URLs no longer work, you will easily find the latest EPEL release packages here.
Now you can install the software by using yum:
yum install fail2ban -y
Once the process finishes you will see something like this:
Step 4: Configuring Fail2Ban
By now Fail2Ban is installed on your server. Next comes some basic configuration. This article is kept as simple as possible, and the configuration steps shown here are very basic. First, copy the default configuration file:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
This step is necessary: it lets you keep your own settings in jail.local without making a mess of the defaults in jail.conf. The copied jail.local already contains sections (jails) for most of the services that commonly need protection.
Now edit the jail.local file you just copied. You can use any text editor you like; we will be using nano, but vi works just as well.
Now you will see a screen somewhat like this:
Go to the bottom of the page, where you will see all the available configuration options. A few of these lines form the basic setup, and you can edit them to suit your own needs: findtime, bantime, ignoreip and maxretry. Each line is described there, so you can read what it means before changing it.
The description of the "ignoreip" line explains that it lets you whitelist IPs that should never be locked out. Add your home or personal IP address here, in case you forget the password for your own login to your own server. To add more addresses, separate them with spaces.
Now restart Fail2Ban so that the configuration changes take effect.
On CentOS 7 (systemd):
systemctl restart fail2ban.service
On CentOS 6:
service fail2ban restart
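The configuration steps above, gathered into one runnable script as an added example (not the article's own commands and not code from the Fail2Ban project). It renders a minimal jail.local with the four settings just discussed plus an explicitly enabled sshd jail, which matters because every jail in the copied jail.conf starts out with enabled = false, so without that line Fail2Ban will restart cleanly but watch nothing. The values are assumptions chosen for illustration: 203.0.113.5 stands in for your own home IP, and the bantime of 3600 seconds is a deliberate choice, not a default. The --apply mode is meant to be run as root on the CentOS 7 box the article describes; the rendering and checking functions run anywhere.

```shell
#!/bin/sh
# Added example, not part of the original article: write a minimal
# jail.local, confirm the sshd jail is enabled, then restart the service.
# All values below are illustrative assumptions.

# render_jail_local IGNOREIP BANTIME FINDTIME MAXRETRY  -> config on stdout
render_jail_local() {
cat <<EOF
# jail.local overrides jail.conf section by section; keep your edits here so
# that a package upgrade replacing jail.conf does not wipe them out.
[DEFAULT]
# space-separated addresses/networks that are never banned
ignoreip = $1
# seconds a banned host stays banned
bantime = $2
# window in seconds in which failures are counted
findtime = $3
# failures within findtime that trigger a ban
maxretry = $4

[sshd]
enabled = true
EOF
}

# sshd_enabled FILE  -> exit 0 only if "enabled = true" appears inside [sshd]
sshd_enabled() {
  awk '
    /^\[/ { in_sshd = ($0 == "[sshd]") }            # track the current section
    in_sshd && /^enabled *= *true/ { found = 1 }
    END { exit found ? 0 : 1 }
  ' "$1"
}

# Stand-alone use as root on the CentOS 7 server:  sh jail-setup.sh --apply
if [ "${1:-}" = "--apply" ]; then
  JAIL=/etc/fail2ban/jail.local
  # 127.0.0.1/8 keeps localhost safe; 203.0.113.5 is the placeholder home IP
  render_jail_local "127.0.0.1/8 203.0.113.5" 3600 600 5 > "$JAIL"
  sshd_enabled "$JAIL" || { echo "sshd jail not enabled in $JAIL" >&2; exit 1; }
  fail2ban-client -d >/dev/null         # parse the config; errors surface here
  systemctl restart fail2ban.service    # "service fail2ban restart" on CentOS 6
  fail2ban-client status sshd           # jail should be listed, with no bans yet
fi
```

The `fail2ban-client status sshd` check at the end is the one most people skip: a restart that succeeds only proves the daemon started, while the status output proves the sshd jail is actually loaded and watching its log file.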
That is it. You have made your system more secure by installing Fail2Ban. Brute force attacks against your server or VPS will now be detected and blocked, and your server is better protected than it ever was. Read more about servers in the next article.