<yambe:breadcrumb self="Fail2ban">CentOS_7.x_Security_Tools|Security Tools</yambe:breadcrumb>

CentOS 7.x fail2ban

To configure fail2ban on CentOS 7.x use:

1. Install fail2ban using

   yum -y install epel-release
   yum -y install fail2ban

2. Create a local copy of configuration files for local modifications. We should not modify .conf files directly as they would get overwritten during package upgrades

   cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
   cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

3. Edit /etc/fail2ban/jail.local to set backend to systemd and to also enable jail for sshd

   ...
   backend=systemd
   ...
   [sshd]
   enabled = true
   ...

4. Start and enable fail2ban on system boot

   systemctl start fail2ban
   systemctl enable fail2ban

5. Ensure that firewalld is enabled as that is required by fail2ban using CentOS 7.x Basic firewalld configuration
6. Verify that fail2ban is running with at least 1 jail and that jail has one or more blocked IPs

   fail2ban-client status
   fail2ban-client status sshd

There is also older article on fail2ban at Fail2ban

In case of email server using postfix and dovecot add

   enabled=true

under '[dovecot]' and '[posfix-sasl]' also. This would then create three jails including sshd.

Refer:

• https://linode.com/docs/security/using-fail2ban-for-security/

<yambe:breadcrumb self="Fail2ban">CentOS_7.x_Security_Tools|Security Tools</yambe:breadcrumb>