Difference between revisions of "CentOS 7.x fail2ban"
From Notes_Wiki
m |
m |
||
| Line 14: | Line 14: | ||
#:: cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | #:: cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | ||
#:</pre> | #:</pre> | ||
# Edit /etc/fail2ban/jail.local to | # Edit /etc/fail2ban/jail.local to enable jail for sshd | ||
#:<pre> | #:<pre> | ||
#:: [sshd] | #:: [sshd] | ||
#:: enabled = true | #:: enabled = true | ||
#:</pre> | #:</pre> | ||
# Start and enable fail2ban on system boot | # Start and enable fail2ban on system boot | ||
Revision as of 03:26, 25 October 2019
<yambe:breadcrumb self="Fail2ban">CentOS_7.x_Security_Tools|Security Tools</yambe:breadcrumb>
CentOS 7.x fail2ban
To configure fail2ban on CentOS 7.x use:
- Install fail2ban using
- yum -y install epel-release
- yum -y install fail2ban
- Create a local copy of configuration files for local modifications. We should not modify .conf files directly as they would get overwritten during package upgrades
- cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
- cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- Edit /etc/fail2ban/jail.local to enable jail for sshd
- [sshd]
- enabled = true
- Start and enable fail2ban on system boot
- systemctl start fail2ban
- systemctl enable fail2ban
- Ensure that firewalld is enabled as that is required by fail2ban using CentOS 7.x Basic firewalld configuration
- Verify that fail2ban is running with at least 1 jail and that jail has one or more blocked IPs
- fail2ban-client status
- fail2ban-client status sshd
There is also older article on fail2ban at Fail2ban
In case of email server using postfix and dovecot add
enabled=true
under '[dovecot]' and '[posfix-sasl]' also. This would then create three jails including sshd.
Refer:
<yambe:breadcrumb self="Fail2ban">CentOS_7.x_Security_Tools|Security Tools</yambe:breadcrumb>
