Fail2Ban is an excellent intrusion prevention software framework that protects SSH from brute-force attacks. It’s written in the Python programming language. It should be one of your top priorities when hardening the server.
Fail2ban creates rules that automatically alter your iptables firewall configuration. In general, Fail2ban updates the firewall rules to reject the offending IP addresses for a certain period. Out of the box, Fail2ban comes with filters for various services (apache, courier, ssh, etc). It’s one of the extra server security layers.
This guide covers how to install and use Fail2ban on a CentOS 7 server.
First things first, always stay up to date:
# yum update -y
Fail2ban may not be available in the official CentOS package repository. In that case, we need to install EPEL, which stands for Extra Packages for Enterprise Linux.
# yum install epel-release -y
Now, install the fail2ban package:
# yum install fail2ban -y
Once the installation is complete, enable the fail2ban service:
# systemctl enable fail2ban
Fail2ban’s configuration files are located in the /etc/fail2ban directory, where you will find a file with the default values called jail.conf. These defaults can be overridden by creating another file called jail.local. Any values defined in jail.local will override those in jail.conf.
# vim /etc/fail2ban/jail.local
Now, you can define the values in jail.local that you want to override, using the jail.conf file as a reference.
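As an added example (not from the original guide), a small jail.local that overrides the ban thresholds and turns on SSH protection could look like this. The numeric values and the 203.0.113.10 management address are constructed placeholders, and the jail name sshd is assumed to be the one defined in your packaged jail.conf.

```ini
# /etc/fail2ban/jail.local
# Constructed example: only the settings listed here override jail.conf.

[DEFAULT]
# Sources that are never banned. Add your own management address so a
# mistyped password cannot lock you out (203.0.113.10 is a placeholder).
ignoreip = 127.0.0.1/8 203.0.113.10

# Ban an address for 3600 seconds once it reaches maxretry failures
# within a findtime window of 600 seconds.
bantime  = 3600
findtime = 600
maxretry = 5

[sshd]
# A jail does nothing until it is explicitly enabled.
enabled  = true
# Stricter threshold for SSH than the [DEFAULT] value above.
maxretry = 3
```

The name passed to fail2ban-client status must match the jail's section name in this file, which is sshd in this example.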
After defining the values, restart the fail2ban service:
# systemctl restart fail2ban
We can check that the service is running:
# fail2ban-client status
We can also check details about a specific jail:
# fail2ban-client status ssh
Fail2ban is very useful for securing SSH connections. You should now be able to install and configure fail2ban and add an extra layer of security to the server.