Fail2Ban is a widely used intrusion prevention tool that helps protect your AlmaLinux 8 server from malicious attacks. It monitors log files for suspicious activity, such as repeated failed logins, and automatically blocks the IP addresses responsible. In this guide, we will walk you through the step-by-step process of installing and configuring Fail2Ban on your AlmaLinux 8 server.
Prerequisites
Before we dive into the installation process, there are a few prerequisites that need to be met:
- EPEL Repository: The EPEL repository is required to install Fail2Ban. To install it, run the following command:
yum install epel-release
- Root Access: You need to have root access or administrative privileges to install and configure Fail2Ban.
Installation
Once you have met the prerequisites, you can proceed with the installation of Fail2Ban using the following steps:
- Install Fail2Ban: Run the following command to install Fail2Ban on your AlmaLinux 8 server:
yum install fail2ban
- Enable Auto-Start: To ensure that Fail2Ban starts automatically on boot, run the following command:
systemctl enable fail2ban
Configuring Fail2Ban
Fail2Ban works with two configuration files: jail.conf and jail.local. jail.conf should not be edited directly, while jail.local allows you to override the default settings without worrying about package upgrades overwriting your changes. Let’s configure Fail2Ban by editing the jail.local file:
- Open the Configuration File: Use the following command to open the jail.local file for editing:
nano /etc/fail2ban/jail.local
- Add Configuration Settings: Add the following content to the jail.local file:
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
[sshd]
enabled = true
If your server uses firewalld instead of iptables, simply comment out the banaction line by adding a # at the beginning.
- Restart Fail2Ban: Restart the Fail2Ban service to apply the new settings:
systemctl restart fail2ban
Checking Fail2Ban Status
To check the status of Fail2Ban and view detailed information about the SSH jail, you can use the following commands:
- Check Overall Status: To check the overall status of Fail2Ban and see the number of active jails, run the following command:
fail2ban-client status
This will display the number of active jails and a list of the jails, including SSH (sshd).
- View Detailed SSH Jail Information: Use the following command to view detailed information about the SSH jail:
fail2ban-client status sshd
This will provide you with information about failed login attempts, banned IP addresses, and more.
Modifying Fail2Ban Settings
You can further modify the settings of Fail2Ban to suit your specific requirements. Let’s take a look at a few common modifications:
- Setting Ban Time: To change the ban time from the default of one hour (3600 seconds) to a different value, modify the bantime setting in the jail.local file. For example, to set the ban time to 600 seconds (10 minutes), use the following configuration:
# Ban time setting to 600 seconds
bantime = 600
- Setting Conditions to Ban a Client: You can adjust the conditions that determine when a client should be banned by modifying the findtime and maxretry settings in the jail.local file. For example, the following configuration will ban a client if they make 3 unsuccessful login attempts within 10 minutes:
findtime = 600
maxretry = 3
- Additional Information: If you want to gather more information about banned IPs and the number of login attempts, you can use the fail2ban-client command with the status option. For example, running fail2ban-client status sshd will provide you with a list of banned IP addresses and their corresponding login attempts.
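To see how findtime, maxretry and bantime interact before changing them on a live server, the following Python sketch replays a few sshd log lines through a simplified sliding-window model of the rule. It is an added example, not Fail2Ban's own code or part of the original guide; the log lines, host name, IP addresses, the assumed year and the simulate function are constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual sshd log style (documentation IPs).
SAMPLE_LOG = """\
Mar 10 09:00:00 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 09:03:20 web1 sshd[1204]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Mar 10 09:04:00 web1 sshd[1207]: Failed password for alice from 198.51.100.23 port 51822 ssh2
Mar 10 09:08:20 web1 sshd[1210]: Failed password for root from 203.0.113.7 port 40131 ssh2
Mar 10 09:16:00 web1 sshd[1215]: Failed password for alice from 198.51.100.23 port 51830 ssh2
Mar 10 09:27:00 web1 sshd[1219]: Failed password for alice from 198.51.100.23 port 51841 ssh2
Mar 10 09:30:00 web1 sshd[1222]: Accepted password for alice from 198.51.100.23 port 51850 ssh2
"""

# Simplified stand-in for the sshd filter: only "Failed password" lines count.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate(log, findtime=600, maxretry=3, bantime=600):
    """Return [(ip, ban_start, ban_end)] under a sliding-window model."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until = {}            # ip -> expiry time of the current ban
    bans = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue             # accepted logins and other lines are ignored
        # Log lines carry no year; 2024 is assumed only to do the arithmetic.
        ts = datetime.strptime("2024 " + m.group(1), "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ts < banned_until.get(ip, ts):
            continue             # still banned: the firewall drops this host
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()     # failures older than findtime no longer count
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, f"{ts:%H:%M:%S}", f"{banned_until[ip]:%H:%M:%S}"))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"{ip} banned {start} -> {end}")
```

With the settings above, 203.0.113.7 is banned on its third failure inside ten minutes, while 198.51.100.23 also fails three times but never has three failures inside one findtime window, so it is not banned.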
Conclusion
By following this comprehensive guide, you have successfully installed and configured Fail2Ban on your AlmaLinux 8 server. Fail2Ban is an essential tool for enhancing the security of your server by automatically blocking malicious IP addresses. With its robust features and customizable settings, you can protect your server from various types of attacks and ensure the smooth operation of your services.