Fail2ban is free and open-source software for Linux that protects your services from brute-force attacks. Today, I’ll show you how to secure your OpenSSH server with fail2ban on CentOS 8.
How does fail2ban work?
Before practice, let’s talk about theory. In a few words, fail2ban is a log scraper. It checks your system and service logs, and bans an IP address (with iptables) when it sees multiple login failures from it.
Step 1: installing fail2ban on CentOS 8
Unfortunately, fail2ban doesn’t exist in the default CentOS 8 repository. We have to set up the EPEL repository first:
root@manoaratefy$ dnf install epel-release
[root@manoaratefy ~]# dnf install epel-release
Last metadata expiration check: 0:52:01 ago on Wed Dec 11 07:04:44 2019.
Dependencies resolved.
 Package          Arch      Version    Repository    Size
Installing:
 epel-release     noarch    8-5.el8    extras        22 k
Transaction Summary
Install  1 Package
Total download size: 22 k
Installed size: 30 k
Is this ok [y/N]: y
Downloading Packages:
epel-release-8-5.el8.noarch.rpm     21 kB/s |  22 kB     00:01
Total                              9.4 kB/s |  22 kB     00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                1/1
  Installing       : epel-release-8-5.el8.noarch    1/1
  Running scriptlet: epel-release-8-5.el8.noarch    1/1
  Verifying        : epel-release-8-5.el8.noarch    1/1
Installed:
  epel-release-8-5.el8.noarch
Complete!
[root@manoaratefy ~]#
Then, we will install fail2ban:
root@manoaratefy$ dnf install fail2ban
fail2ban has a lot of dependencies, including iptables.
Enabling fail2ban protection on SSH
Now, it’s time to protect your SSH port with fail2ban. For that, let’s create our configuration file:
root@manoaratefy$ vi /etc/fail2ban/jail.local
and let’s add some content:
[DEFAULT]
ignoreip = 10.100.0.1/16
bantime = 21600
findtime = 300
maxretry = 3
banaction = iptables-multiport
backend = systemd

[sshd]
enabled = true
Explanation:
- ignoreip (value: list of IPs in CIDR format, separated by commas): addresses that fail2ban never bans, so they are allowed to brute-force your server. This may be your LAN, your trusted network, … Be careful with that.
- bantime (value: in seconds): how long the ban lasts once someone is locked out.
- findtime (value: in seconds): fail2ban bans an IP address that reaches maxretry failures within findtime seconds.
- maxretry (value: in attempts): maximum allowed attempts before someone is locked out.
- banaction: action taken when someone should be banned (usually “iptables-multiport” if you are using the iptables firewall).
- backend: fail2ban service management backend (usually “systemd” on CentOS 8).
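How these settings interact, as an added example (not part of the original post and not fail2ban's own code): a simplified Python model of the ban decision, using the values from the jail.local above. The log lines are constructed, and the failure regex is a simplified stand-in for fail2ban's sshd filter.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the jail.local above
IGNOREIP = [ipaddress.ip_network("10.100.0.1/16", strict=False)]  # host bits are masked off
BANTIME = timedelta(seconds=21600)
FINDTIME = timedelta(seconds=300)
MAXRETRY = 3

# Simplified stand-in for the sshd filter (assumption, not fail2ban's own regex)
FAILURE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[0-9a-fA-F:.]+) port \d+"
)

# Constructed sample log lines (documentation address ranges, simplified format)
SAMPLE_LOG = """\
2019-12-11 08:00:00 sshd[1201]: Failed password for root from 203.0.113.7 port 51000 ssh2
2019-12-11 08:00:05 sshd[1202]: Failed password for root from 10.100.4.2 port 40001 ssh2
2019-12-11 08:00:06 sshd[1202]: Failed password for root from 10.100.4.2 port 40001 ssh2
2019-12-11 08:00:07 sshd[1202]: Failed password for root from 10.100.4.2 port 40001 ssh2
2019-12-11 08:00:10 sshd[1203]: Failed password for invalid user admin from 198.51.100.20 port 42000 ssh2
2019-12-11 08:01:30 sshd[1204]: Failed password for root from 203.0.113.7 port 51002 ssh2
2019-12-11 08:02:00 sshd[1205]: Accepted password for alice from 192.0.2.15 port 50100 ssh2
2019-12-11 08:03:30 sshd[1206]: Failed password for invalid user admin from 198.51.100.20 port 42004 ssh2
2019-12-11 08:04:10 sshd[1207]: Failed password for root from 203.0.113.7 port 51004 ssh2
2019-12-11 08:06:50 sshd[1208]: Failed password for invalid user admin from 198.51.100.20 port 42008 ssh2
""".splitlines()


def simulate(lines):
    """Return [(ip, banned_at, unbanned_at)] in the order the bans are issued."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside findtime
    banned_until = {}            # ip -> time the current ban expires
    bans = []
    for line in lines:
        m = FAILURE.match(line)
        if m is None:
            continue  # not a login failure (e.g. "Accepted password")
        ip = ipaddress.ip_address(m["ip"])
        now = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if any(ip in net for net in IGNOREIP):
            continue  # ignoreip: never counted, never banned
        if ip in banned_until and now < banned_until[ip]:
            continue  # ban still active
        window = recent[ip]
        window.append(now)
        while now - window[0] > FINDTIME:
            window.popleft()  # this failure is older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = now + BANTIME
            bans.append((str(ip), now.isoformat(sep=" "),
                         banned_until[ip].isoformat(sep=" ")))
            window.clear()
    return bans


if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"ban {ip} from {start} until {end}")
```

Only 203.0.113.7 is banned: 10.100.4.2 falls inside ignoreip, and the three failures from 198.51.100.20 are never all within one 300-second findtime window.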
Then, enable and start fail2ban:
root@manoaratefy$ systemctl start fail2ban
root@manoaratefy$ systemctl enable fail2ban
root@manoaratefy$ systemctl status fail2ban