Protect SSH on CentOS 8 with Fail2Ban

Install Fail2Ban

  1. Enable and install the EPEL repository
    # yum -y install epel-release
  2. Install Fail2Ban
    # yum -y install fail2ban
  3. Configure Fail2Ban (See Below)
  4. Enable and start Fail2Ban
    # systemctl enable fail2ban && systemctl start fail2ban

Configure Fail2Ban

  1. Edit /etc/fail2ban/jail.local
    # vim /etc/fail2ban/jail.local
  2. Update/append as follows
    [DEFAULT]
    # Ban IPs/hosts for 24 hours (24h * 3600s = 86400s):
    bantime = 86400
    # An IP address/host is banned if it has generated "maxretry" failures during the last "findtime" seconds.
    findtime = 600
    maxretry = 3
    # "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
    # will not ban a host which matches an address in this list. Several addresses
    # can be defined using space (and/or comma) separator. For example, add the
    # static IP address that you always use for login, such as:
    #ignoreip = ::1
    # Call iptables to ban IP address
    banaction = iptables-multiport

    [sshd]
    # Enable sshd protection
    enabled = true
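
How findtime, maxretry, bantime and ignoreip interact, shown as an added example (a simplified model written for this page, not Fail2Ban's own code). The log lines are constructed, the addresses are documentation ranges, and the regex is an assumed stand-in for the real sshd filter.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the jail.local above; ignoreip uses the page's commented-out example.
FINDTIME, MAXRETRY, BANTIME = 600, 3, 86400
IGNOREIP = [ipaddress.ip_network("::1")]

# Constructed sample in the style of /var/log/secure (documentation addresses).
SAMPLE_LOG = """\
Jan 10 09:00:00 host sshd[1001]: Failed password for root from 203.0.113.5 port 4001 ssh2
Jan 10 09:00:20 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Jan 10 09:00:30 host sshd[1003]: Failed password for root from 198.51.100.7 port 5001 ssh2
Jan 10 09:00:40 host sshd[1004]: Failed password for root from 203.0.113.5 port 4003 ssh2
Jan 10 09:08:00 host sshd[1005]: Failed password for root from 198.51.100.7 port 5002 ssh2
Jan 10 09:15:00 host sshd[1006]: Failed password for root from 198.51.100.7 port 5003 ssh2
"""

# Simplified pattern (assumption); the real sshd filter matches many more messages.
FAIL_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def simulate(log_text, year=2024):
    """Return {ip: (ban_start, ban_end)} for hosts that reach MAXRETRY within FINDTIME."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in IGNOREIP):
            continue                # hosts listed in ignoreip are never counted
        if ip in bans and ts < bans[ip][1]:
            continue                # still banned
        window = failures[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()        # drop failures older than findtime
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + timedelta(seconds=BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate(SAMPLE_LOG).items():
        print(f"{ip} banned from {start} until {end}")
```

Only 203.0.113.5 is banned: 198.51.100.7 also fails three times, but never three times within any 600-second window, so a slow guesser stays under these thresholds.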

View Fail2Ban Status

Run the following commands to view the active jails and the IPs banned by the sshd jail:

# fail2ban-client status
# fail2ban-client status sshd
