Fail2Ban is a powerful Intrusion Prevention System (IPS) written in Python. It acts as a shield to protect your Alma Linux 8 server against brute-force attacks by monitoring log files for authentication attempts. With Fail2Ban, you can secure various services, including SSH, vsftpd, Apache, and Webmin. In this comprehensive guide, we will walk you through the step-by-step process of installing and configuring Fail2Ban on Alma Linux 8, ensuring your server’s security.
Prerequisites
Before we begin, make sure you have the following prerequisites in place:
- A server running Alma Linux 8.
- A root password is configured on the server.
Verifying Firewalld Installation
To start, let’s verify if Firewalld, the default firewall solution for Alma Linux 8, is installed and running on your server. Open your terminal and enter the following command:
systemctl status firewalld
If the output shows that Firewalld is not running, start the service with the following command:
systemctl start firewalld
You can confirm the status of Firewalld by running the previous systemctl status command again. The output should now indicate that Firewalld is active and running.
Next, list all the services configured by Firewalld using the following command:
firewall-cmd --list-all
This command displays the configuration of the “public” zone, including its interfaces, sources, services, and ports. Take note of the services listed, as we will need them later.
Installing Fail2Ban
By default, the Fail2Ban package is not available in the Alma Linux default repository. We will need to install it from the EPEL (Extra Packages for Enterprise Linux) repository. Begin by installing the EPEL repository with the following command:
dnf install epel-release -y
Once the EPEL repository is installed, proceed with the installation of the Fail2Ban firewall package using the following command:
dnf install fail2ban fail2ban-firewalld -y
After the installation is complete, start and enable the Fail2Ban service with the following commands:
systemctl start fail2ban
systemctl enable fail2ban
To confirm that Fail2Ban is running, use the following command:
systemctl status fail2ban
The output should indicate that Fail2Ban is active and running on your Alma Linux 8 server.
Configuring Fail2Ban
Fail2Ban’s main configuration file, jail.conf, is located in the /etc/fail2ban/ directory. It is best practice to leave jail.conf unmodified, because package updates can overwrite it, and to make your changes in a copy named jail.local, whose settings override those in jail.conf. To create the copy, enter the following command:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
By default, Fail2Ban uses the Iptables firewall. However, since we are using Firewalld, we need to enable Firewalld support. Run the following command to make the necessary adjustments:
mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local
After making these changes, restart the Fail2Ban service to apply the modifications:
systemctl restart fail2ban
With Fail2Ban installed and configured, let’s focus on securing the SSH service.
Securing SSH with Fail2Ban
By default, no jails are enabled, so Fail2Ban does not block remote IPs. To protect the SSH service, we need to create a jail configuration file specifically for SSH.
Open the jail configuration file for SSH using a text editor of your choice. In this example, we’ll use Nano:
nano /etc/fail2ban/jail.d/sshd.local
Add the following lines to the file:
[sshd]
enabled = true
bantime = 2h
maxretry = 3
These configuration settings will block the remote host for 2 hours after 3 failed SSH login attempts. Save and close the file when you are finished.
To apply the changes, restart the Fail2Ban service:
systemctl restart fail2ban
To verify that the jail configuration is active, use the following command:
fail2ban-client status
The output will display the configured jail, which should include “sshd.”
To check for any banned IP addresses in the SSH jail, run the following command:
fail2ban-client status sshd
This command will provide you with a list of banned IP addresses.
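The two status commands above can also be checked from a script or monitoring job. The following is an added example, not part of the original guide: the function names and the sample output are constructed for illustration, and each function reads the command output on stdin.

```bash
#!/bin/sh
# Added example: parse fail2ban-client output for a monitoring check.
# Function names and the SAMPLE_* text are constructed for illustration.

# Succeeds if jail $1 is in the "Jail list" of `fail2ban-client status` (stdin).
jail_listed() {
    awk -v jail="$1" '
        /Jail list:/ {
            sub(/.*Jail list:[ \t]*/, "")
            n = split($0, jails, /,[ \t]*/)
            # exact comparison, so "ssh" does not match "sshd"
            for (i = 1; i <= n; i++) if (jails[i] == jail) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# Prints one banned address per line from `fail2ban-client status sshd` (stdin).
banned_ips() {
    awk '/Banned IP list:/ {
        sub(/.*Banned IP list:[ \t]*/, "")  # drop the label, keep IPv6 colons
        for (i = 1; i <= NF; i++) print $i
    }'
}

# Prints the "Currently banned" counter from the same output.
currently_banned() {
    awk '/Currently banned:/ { print $NF }'
}

# Constructed sample output (documentation address ranges, not real hosts).
SAMPLE_STATUS='Status
|- Number of jail:      1
`- Jail list:   sshd'
SAMPLE_SSHD='Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  `- Total failed:     9
`- Actions
   |- Currently banned: 2
   |- Total banned:     3
   `- Banned IP list:   192.0.2.10 2001:db8::7'

# On a live server: fail2ban-client status | jail_listed sshd
if printf '%s\n' "$SAMPLE_STATUS" | jail_listed sshd; then
    echo "sshd jail loaded; banned: $(printf '%s\n' "$SAMPLE_SSHD" | currently_banned)"
    printf '%s\n' "$SAMPLE_SSHD" | banned_ips
else
    echo "sshd jail is NOT loaded" >&2
fi
```

A missing sshd entry in the jail list is the condition worth alerting on, since it means failed SSH logins are not being counted at all.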
If you ever need to unban an IP address manually, use the following command:
fail2ban-client unban <remote-ip-address>
With Fail2Ban now protecting your Alma Linux 8 server, you can rest assured that your system is shielded from brute-force attacks.
Conclusion
In this guide, we have covered the installation and configuration of Fail2Ban on Alma Linux 8. By implementing Fail2Ban, you have taken a crucial step towards safeguarding your server from malicious intrusion attempts. With Fail2Ban’s ability to monitor log files and block suspicious IP addresses, you can ensure the security and integrity of your Alma Linux 8 system.