How to install and configure fail2ban on CentOS?
Jul 10, 2025 pm 12:21 PM
Installing and configuring fail2ban on CentOS is not complicated, it mainly includes the following steps: 1. Install fail2ban using yum; 2. Manually enable and start the service; 3. Create a jail.local file for custom configuration; 4. Set SSH defense rules, including enabling sshd, specifying the blocking time and retry times; 5. Configure firewalld as an action actuator; 6. Regularly check the blocking IP and logs. Fail2ban detects abnormal login behavior through monitoring logs and automatically blocks suspicious IPs. Its core mechanism relies on the settings of key parameters such as bantime (banned time), findtime (statistic window time) and maxretry (maximum number of failures). When using the default configuration file structure, you should prioritize creating .local files instead of modifying .conf files to avoid configuration loss. For SSH protection, just enable the sshd module in jail.local and adjust the relevant parameters to take effect. At the same time, to ensure that the ban rule is applied correctly, banaction needs to be set to firewallcmd-rich-rules to adapt to firewalld. Users can view the current blocked status through the iptables command or the fail2ban log, and extend the protection rules of other services as needed.
Fail2ban is a very practical intrusion prevention tool that detects abnormal login behavior (such as multiple failed attempts) by monitoring system logs and automatically blocks suspicious IP addresses. Installing and configuring fail2ban on CentOS is not complicated, but requires some basic operations.
Install Fail2ban
The default repository of CentOS usually contains fail2ban, so you can directly install it with yum:
- Run the command:
sudo yum install fail2ban - After the installation is completed, the fail2ban service will not start automatically by default. You need to manually enable and start the service:
-
sudo systemctl enable fail2ban -
sudo systemctl start fail2ban
-
You can use systemctl status fail2ban to check whether the service status is running normally.
Basic configuration file structure
The main configuration file of Fail2ban is /etc/fail2ban/jail.conf , but the official recommendation does not directly modify this file, but create a .local file for custom settings:
- Create or edit configuration file:
sudo vi /etc/fail2ban/jail.local - In this file, you can override the settings in jail.conf, such as changing the ban time, retry times, etc.
Common basic configuration items include:
-
bantime: ban time (unit second) -
findtime: How long does a failed attempt be counted -
maxretry: Maximum number of failed attempts -
ignoreip: You can add whitelist IP to avoid accidentally blocking yourself or other trusted sources
Configure SSH defense rules
SSH is one of the most common attack portals. Fail2ban includes a filtering rule for SSH by default, which only needs to be enabled.
Add or confirm the following in jail.local :
[sshd] enabled = true port = ssh logpath = %(sshd_log)s maxretry = 5 bantime = 86400
This configuration means:
- Enable sshd rules
- Use the default SSH log path (usually
/var/log/secure) - If an IP fails more than 5 times within the set time, it will be banned for one day (86400 seconds)
You can also adjust parameters according to your own security needs.
Use Firewalld as Action Actuator
CentOS 7 and above use firewalld as a firewall management tool by default. Fail2ban supports banning IP directly through firewalld.
Make sure that your jail.local has the following configuration:
banaction = firewallcmd-rich-rules
In this way, fail2ban will use rich rules to add temporary blocking rules, and it will take effect without restarting the firewall.
If you want to view the currently blocked IP, you can use the following command:
-
sudo iptables -L -n | grep banned
Or check the fail2ban's own log:
-
sudo cat /var/log/fail2ban.log
Basically that's it. After installation, remember to check the logs and bans regularly. If necessary, you can extend the protection rules of other services, such as preventing FTP or HTTP brute-force cracking. Although there are not many steps, some details are easy to ignore, such as configuration file location and firewalld action settings. If you make a mistake, it may affect the blocking effect.
The above is the detailed content of How to install and configure fail2ban on CentOS?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Difference between centos and ubuntu
Apr 14, 2025 pm 09:09 PM
The key differences between CentOS and Ubuntu are: origin (CentOS originates from Red Hat, for enterprises; Ubuntu originates from Debian, for individuals), package management (CentOS uses yum, focusing on stability; Ubuntu uses apt, for high update frequency), support cycle (CentOS provides 10 years of support, Ubuntu provides 5 years of LTS support), community support (CentOS focuses on stability, Ubuntu provides a wide range of tutorials and documents), uses (CentOS is biased towards servers, Ubuntu is suitable for servers and desktops), other differences include installation simplicity (CentOS is thin)
Centos shutdown command line
Apr 14, 2025 pm 09:12 PM
The CentOS shutdown command is shutdown, and the syntax is shutdown [Options] Time [Information]. Options include: -h Stop the system immediately; -P Turn off the power after shutdown; -r restart; -t Waiting time. Times can be specified as immediate (now), minutes ( minutes), or a specific time (hh:mm). Added information can be displayed in system messages.
Centos stops maintenance 2024
Apr 14, 2025 pm 08:39 PM
CentOS will be shut down in 2024 because its upstream distribution, RHEL 8, has been shut down. This shutdown will affect the CentOS 8 system, preventing it from continuing to receive updates. Users should plan for migration, and recommended options include CentOS Stream, AlmaLinux, and Rocky Linux to keep the system safe and stable.
Centos configuration IP address
Apr 14, 2025 pm 09:06 PM
Steps to configure IP address in CentOS: View the current network configuration: ip addr Edit the network configuration file: sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0 Change IP address: Edit IPADDR= Line changes the subnet mask and gateway (optional): Edit NETMASK= and GATEWAY= Lines Restart the network service: sudo systemctl restart network verification IP address: ip addr
.NET Core Quick Start Tutorial 1. The beginning: Talking about .NET Core
May 07, 2025 pm 04:54 PM
1. The Origin of .NETCore When talking about .NETCore, we must not mention its predecessor .NET. Java was in the limelight at that time, and Microsoft also favored Java. The Java virtual machine on the Windows platform was developed by Microsoft based on JVM standards. It is said to be the best performance Java virtual machine at that time. However, Microsoft has its own little abacus, trying to bundle Java with the Windows platform and add some Windows-specific features. Sun's dissatisfaction with this led to a breakdown of the relationship between the two parties, and Microsoft then launched .NET. .NET has borrowed many features of Java since its inception and gradually surpassed Java in language features and form development. Java in version 1.6
Hadoop pseudo-distributed cluster construction
May 07, 2025 pm 04:45 PM
Software preparation I am using a virtual machine with CentOS-6.6, with the host name repo. Refer to the steps to install a Linux virtual machine in Windows, I installed JDK in that virtual machine, refer to the guide to installing JDK in Linux. In addition, the virtual machine is configured with a key-free login itself, and the settings for configuring key-free login between each virtual machine are referenced. The download address of Hadoop installation package is: https://mirrors.aliyun.com/apache/hadoop/common/. I am using hadoop 2.6.5 version. Upload the Hadoop installation package to the server and unzip [root@repo~]#tarzxv
Centos7 image download
Apr 14, 2025 pm 08:03 PM
CentOS 7 mirror download seems simple, but it actually has hidden secrets. You need to choose the right mirror source, verify the completeness of the mirror, and choose the right version. When selecting a mirror source, speed is the key, and it is recommended to use Alibaba Cloud, NetEase Cloud or Tsinghua University mirroring station. After the download is complete, use MD5 or SHA256 to verify the integrity of the mirror to ensure that the mirror has not been tampered with. Select the minimized installation version or full installation version according to your needs, and pay attention to details such as breakpoint continuous transmission, download tool selection, disk space inspection, etc., so as to easily complete the CentOS 7 image download.
Postman Integrated Application on CentOS
May 19, 2025 pm 08:00 PM
Integrating Postman applications on CentOS can be achieved through a variety of methods. The following are the detailed steps and suggestions: Install Postman by downloading the installation package to download Postman's Linux version installation package: Visit Postman's official website and select the version suitable for Linux to download. Unzip the installation package: Use the following command to unzip the installation package to the specified directory, for example /opt: sudotar-xzfpostman-linux-x64-xx.xx.xx.tar.gz-C/opt Please note that "postman-linux-x64-xx.xx.xx.tar.gz" is replaced by the file name you actually downloaded. Create symbols
