How To Install Fail2ban on AlmaLinux

By Chandrashekhar Fakirpure

Updated on Feb 02, 2024

In this tutorial, we'll explain how to install Fail2ban on AlmaLinux 8.

Fail2Ban is an excellent intrusion prevention software framework that protects services such as SSH from brute-force attacks. It's written in the Python programming language. It should be one of your top priorities when hardening the server.

Fail2ban creates rules that automatically alter your iptables firewall configuration. In general, Fail2ban updates the firewall rules to reject the offending IP addresses for a certain period.

Fail2ban is written in the Python programming language. It is open source, free, and able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper. It provides security against cyber attacks like DDoS attacks, bot attacks, brute-forcing, and such.

Prerequisites

  • An AlmaLinux 8 dedicated server or KVM VPS.
  • Root user access or a normal user with sudo privileges.

Let's get started with the installation.

1. Update The Server

dnf update -y

2. Install EPEL Repository

Fail2ban may not be available in the official package repository. In that case, we need to install the EPEL repository, which stands for Extra Packages for Enterprise Linux.

dnf install epel-release -y

3. Install Fail2ban

Use the following command to install Fail2ban:

dnf install fail2ban -y

By default, the Fail2ban service is disabled, because some of its default settings may cause undesired effects. We'll start and enable the Fail2ban service once we have configured it.

Configuring Fail2ban

To configure Fail2ban, we first copy the configuration file jail.conf to a new file named jail.local and modify the settings in jail.local. This keeps the main configuration file intact while we test changes in the copy. To do this, run the following command:

cp /etc/fail2ban/jail.{conf,local}

Now, edit the copied file using your favorite editor.

vi /etc/fail2ban/jail.local

Individual Jail Settings

You can configure individual services. Each one is specified by a section header such as [sshd].

Each of these sections needs to be enabled individually by adding an enabled = true line under the header, with their other settings.

[jail_to_enable]
. . .
enabled = true
. . .
    

To enable the SSH jail, find [sshd] in the jail.local file and add enabled = true below [sshd].

Once you add it, save and exit the file.

4. Start and Enable Fail2ban

Now, let's start and enable the Fail2ban service using the following commands:

systemctl start fail2ban
systemctl enable fail2ban

We can check that the service is running and which jails are active:

fail2ban-client status

Output

Status
|- Number of jail:	1
`- Jail list:	sshd
    

We can also check details about a specific jail:

fail2ban-client status sshd

There are multiple options that you can modify according to your requirements. Some of these parameters are described below:

1. bantime

The ban-time of all IP addresses is set by a parameter known as bantime. The value set for bantime by default is just 10 minutes.

bantime = 1d

2. findtime

Another very important variable is findtime. It defines the time window within which consecutive failed login attempts are counted.

findtime = 10m

3. maxretry

It defines the exact number of failed login attempts allowed within the findtime. If the number of failed-authorization attempts within the findtime exceeds the maxretry value, the IP would be banned from logging back in.

maxretry = 5

4. ignoreip

ignoreip lists the IP addresses and ranges that Fail2ban never bans. To add an IP to this whitelist, modify the ignoreip line and type in the IP address to exempt:

ignoreip = 127.0.0.1/8 ::1 222.222.222.222 192.168.0.0/24
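
How findtime, maxretry and ignoreip interact can be checked before relying on them. The following is an added example, not part of the original tutorial and not Fail2ban's own code: a simplified Python model run over constructed log lines. The log format, the regular expression and the function names are assumptions, and it assumes a ban fires once the failure count inside findtime reaches maxretry; bantime is not modelled.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the tutorial's examples.
FINDTIME = timedelta(minutes=10)
MAXRETRY = 5
IGNOREIP = ["127.0.0.1/8", "::1", "222.222.222.222", "192.168.0.0/24"]

# Simplified pattern for one sshd failure message (not Fail2ban's sshd filter).
FAILURE = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for .* from (\S+) port")

def is_ignored(ip, ignoreip=IGNOREIP):
    addr = ipaddress.ip_address(ip)
    # strict=False accepts entries with host bits set, such as 127.0.0.1/8
    return any(addr in ipaddress.ip_network(n, strict=False) for n in ignoreip)

def find_bans(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return {ip: time of ban} for log lines given in time order."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    bans = {}
    for line in lines:
        m = FAILURE.match(line)
        if not m:
            continue
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in bans or is_ignored(ip):
            continue
        window = recent[ip]
        window.append(when)
        while when - window[0] > findtime:  # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:  # assumption: ban when the count reaches maxretry
            bans[ip] = when
    return bans

def _line(ts, ip):
    return f"{ts} sshd[1234]: Failed password for root from {ip} port 50000 ssh2"

# Constructed sample: a fast burst, a slow series (one try every 3 minutes), a whitelisted host.
SAMPLE_LOG = (
    [_line(f"2024-02-02T10:0{i}:00", "203.0.113.7") for i in range(5)]
    + [_line(f"2024-02-02T11:{3 * i:02d}:00", "198.51.100.9") for i in range(6)]
    + [_line(f"2024-02-02T12:00:0{i}", "192.168.0.50") for i in range(6)]
)

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```

With the tutorial's values only the fast burst is banned: the slow series never has five failures inside one 10-minute window, and 192.168.0.50 falls inside the whitelisted 192.168.0.0/24 range. This is the trade-off to weigh when choosing findtime and the size of the ignoreip ranges.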

Conclusion

Fail2ban is very useful for securing SSH connections. You should now be able to install and configure Fail2ban and add an extra layer of security to the server. We have seen how to install Fail2ban on AlmaLinux 8.