Difference between revisions of "CentOS 7.x fail2ban"
m |
m |
||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 7.x]] > [[CentOS 7.x Security Tools|Security Tools]] > [[CentOS 7.x fail2ban]] | |||
To configure fail2ban on CentOS 7.x use: | To configure fail2ban on CentOS 7.x use: | ||
Line 14: | Line 13: | ||
#:: cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | #:: cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | ||
#:</pre> | #:</pre> | ||
# Edit /etc/fail2ban/jail.local to | # Edit /etc/fail2ban/jail.local to enable jail for sshd | ||
#:<pre> | #:<pre> | ||
#:: [sshd] | #:: [sshd] | ||
#:: enabled = true | #:: enabled = true | ||
#:</pre> | #:</pre> | ||
# Start and enable fail2ban on system boot | # Start and enable fail2ban on system boot | ||
Line 43: | Line 38: | ||
enabled=true | enabled=true | ||
</pre> | </pre> | ||
under dovecot and posfix-sasl also. This would then create three jails including sshd. | under '[dovecot]' and '[posfix-sasl]' also. This would then create three jails including sshd. | ||
Refer: | Refer: | ||
* https://linode.com/docs/security/using-fail2ban-for-security/ | * https://linode.com/docs/security/using-fail2ban-for-security/ | ||
==Whitelist IPs== | |||
If the office public IPs are getting blacklisted due to wrong password in any application (eg thunderbird) by any user which is causing inconvinience for entire office then we can whitelist such public or private LAN IPs using: | |||
<pre> | |||
ignoreip = 127.0.0.1 192.168.1.0/24 8.8.8.8 | |||
</pre> | |||
Refer: | |||
* https://www.fail2ban.org/wiki/index.php/Whitelist | |||
Since we have created <tt>jail.local</tt> file we should do this change in <tt>jail.local</tt> file and reload fail2ban. | |||
==Rate limiting using fail2ban== | |||
There is article on rate limiting connections to apache via fail2ban at [[Rocky_9.x_Rate_limiting_connections_to_apache#Rate_limiting_connections_via_fail2ban]] | |||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 7.x]] > [[CentOS 7.x Security Tools|Security Tools]] > [[CentOS 7.x fail2ban]] |
Latest revision as of 03:40, 10 April 2024
Home > CentOS > CentOS 7.x > Security Tools > CentOS 7.x fail2ban
To configure fail2ban on CentOS 7.x use:
- Install fail2ban using
- yum -y install epel-release
- yum -y install fail2ban
- Create a local copy of configuration files for local modifications. We should not modify .conf files directly as they would get overwritten during package upgrades
- cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
- cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- Edit /etc/fail2ban/jail.local to enable jail for sshd
- [sshd]
- enabled = true
- Start and enable fail2ban on system boot
- systemctl start fail2ban
- systemctl enable fail2ban
- Ensure that firewalld is enabled as that is required by fail2ban using CentOS 7.x Basic firewalld configuration
- Verify that fail2ban is running with at least 1 jail and that jail has one or more blocked IPs
- fail2ban-client status
- fail2ban-client status sshd
There is also older article on fail2ban at Fail2ban
In case of email server using postfix and dovecot add
enabled=true
under '[dovecot]' and '[posfix-sasl]' also. This would then create three jails including sshd.
Refer:
Whitelist IPs
If the office public IPs are getting blacklisted due to wrong password in any application (eg thunderbird) by any user which is causing inconvinience for entire office then we can whitelist such public or private LAN IPs using:
ignoreip = 127.0.0.1 192.168.1.0/24 8.8.8.8
Refer:
Since we have created jail.local file we should do this change in jail.local file and reload fail2ban.
Rate limiting using fail2ban
There is article on rate limiting connections to apache via fail2ban at Rocky_9.x_Rate_limiting_connections_to_apache#Rate_limiting_connections_via_fail2ban
Home > CentOS > CentOS 7.x > Security Tools > CentOS 7.x fail2ban