Install Fail2Ban
- Enable and install the EPEL repository
# yum -y install epel-release
- Install Fail2Ban
# yum -y install fail2ban
- Configure Fail2Ban (See Below)
- Enable and start Fail2Ban
# systemctl enable fail2ban && systemctl start fail2ban
Configure Fail2Ban
- Edit /etc/fail2ban/jail.local
# vim /etc/fail2ban/jail.local
- Update/append as follows
[DEFAULT] # Ban IP/hosts for 24 hour ( 24h*3600s = 86400s): bantime = 86400 # An ip address/host is banned if it has generated "maxretry" during the last "findtime" seconds. findtime = 600 maxretry = 3 # "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban # will not ban a host which matches an address in this list. Several addresses # can be defined using space (and/or comma) separator. For example, add your # static IP address that you always use for login such as 103.1.2.3 #ignoreip = 127.0.0.1/8 ::1 103.1.2.3 # Call iptables to ban IP address banaction = iptables-multiport # Enable sshd protection [sshd] enabled = true
View Fail2Ban Status
Run the following commands to view banned IPs
# fail2ban-client status
# fail2ban-client status sshd
Was this helpful?
0 / 0