Install Fail2ban on CentOS 7

Install Fail2Ban
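# fail2ban is not in the base CentOS 7 repositories; it comes from EPEL, so
# that repository is added first. Stop if that step fails, otherwise the next
# yum call only reports an unhelpful "No package fail2ban available".
yum install -y epel-release || exit 1
yum install -y fail2ban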
Configure permanent bans
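# Find the address you are connecting from BEFORE turning on permanent bans:
# anything not listed in ignoreip can be locked out by a single mistyped
# password. $SSH_CONNECTION is "client_ip client_port server_ip server_port"
# for the current ssh session; ss lists every TCP socket with its process
# (netstat -natp does the same, but net-tools is not part of a minimal
# CentOS 7 install).
printf 'this session comes from: %s\n' "${SSH_CONNECTION%% *}"
ss -tanp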
 
# jail.conf is replaced on package upgrade and its own header says not to edit
# it; open it only for reference. The values below belong in the [DEFAULT]
# section of /etc/fail2ban/jail.local, which is written in a later step.
vim /etc/fail2ban/jail.conf
 
### Set this (in jail.local, not jail.conf) ###
# "bantime" is the number of seconds that a host is banned.
# bantime  = 600

# Permanent ban: the entry never expires and only goes away when it is
# unbanned by hand with fail2ban-client.
bantime = -1

# set ignoreip: space-separated addresses/networks that are never banned.
ignoreip = 127.0.0.1/8

# It is also strongly recommended to list every other subnet that is trusted
# to access this server (office, VPN, monitoring). With a permanent ban, one
# mistyped password from an address that is not listed here locks you out.
################
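# Override the shipped action in a .local file instead of editing the .conf:
# fail2ban reads iptables-multiport.local on top of iptables-multiport.conf,
# and the .conf is replaced on package upgrade (taking hand edits with it).
# NOTE(review): fail2ban 0.9+ also re-applies bans from its own sqlite database
# on restart (dbfile / dbpurgeage in fail2ban.conf); keep this file-based
# persistence only if that turns out to be insufficient for bantime = -1.
cat > /etc/fail2ban/action.d/iptables-multiport.local <<'EOF'
[Definition]
# Create the jail chain, hook it into <chain>, then re-apply every ban recorded
# for this jail. The record file is created first: if it is missing, cat/awk
# fail, actionstart fails and the whole jail does not start on the first run.
# The first field is compared exactly; the original prefix regex also loaded
# the entries of any jail whose name merely starts with "<name>".
actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
              touch /etc/fail2ban/persistent.bans
              awk '$1 == "fail2ban-<name>" { print $2 }' /etc/fail2ban/persistent.bans \
              | while read -r ip; do iptables -I fail2ban-<name> 1 -s "$ip" -j <blocktype>; done

# Insert the block rule, then record the ban unless it is already on file so
# repeat offenders do not fill the file with duplicate lines.
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
            grep -qxF "fail2ban-<name> <ip>" /etc/fail2ban/persistent.bans || echo "fail2ban-<name> <ip>" >> /etc/fail2ban/persistent.bans

# Remove the rule AND the record; otherwise an address unbanned with
# fail2ban-client is silently banned again at the next restart.
actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
              grep -vxF "fail2ban-<name> <ip>" /etc/fail2ban/persistent.bans > /etc/fail2ban/persistent.bans.tmp; mv -f /etc/fail2ban/persistent.bans.tmp /etc/fail2ban/persistent.bans
EOF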
#########################
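# "insert these lines": append them to jail.local (created if absent). Values
# here override jail.conf and the snippets shipped in /etc/fail2ban/jail.d/.
cat >> /etc/fail2ban/jail.local <<'EOF'
[DEFAULT]
# Override /etc/fail2ban/jail.d/00-firewalld.conf, which CentOS 7 ships to
# select firewalld-multiport; the customised iptables-multiport action is the
# one this guide's persistent.bans hook is written for.
banaction = iptables-multiport

# Never ban the host itself. Add the networks you administer from (office,
# VPN, monitoring) to this space-separated list: with a permanent ban, one
# mistyped password from an unlisted address locks you out for good.
ignoreip = 127.0.0.1/8

# Permanent ban; entries only go away via "fail2ban-client set <jail> unbanip".
bantime = -1

[sshd]
enabled = true
# maxretry is the number of failures before a ban. The original value of 0
# bans on the very first failed login, which is extremely unforgiving of a
# typo; a small positive number still stops brute force. Set it back to 0
# only if a one-strike policy is really what is wanted.
maxretry = 3
# Uncomment and set this if sshd listens on a non-standard port:
# port = 2222
EOF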
########
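# restart fail2ban and confirm it actually came back up: a typo in jail.local
# or in the action file makes the restart fail, and the host is then left
# unprotected without any further message on the terminal.
systemctl restart fail2ban
systemctl is-active --quiet fail2ban || journalctl -u fail2ban --no-pager -n 30

# Check that the jail is loaded and list its current bans
fail2ban-client status sshd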
# Set Fail2Ban Autostart
 
[rambo@testbox ~]# systemctl enable fail2ban
Created symlink from /etc/systemd/system/multi-user.target.wants/fail2ban.service to /usr/lib/systemd/system/fail2ban.service.
 

 
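# Alternative: configure temporary bans. Use this INSTEAD of the permanent
# variant above, not in addition to it, so jail.local holds one set of values.
cat >> /etc/fail2ban/jail.local <<'EOF'
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600

# Never ban the host itself; add the networks you administer from as well.
ignoreip = 127.0.0.1/8
 
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
 
[sshd]
enabled = true
EOF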

 
Example: How to Unban an IP
 
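# Find which jail holds the ban. "iptables -S" prints each rule in
# "-A <chain> ..." form, so the chain name (fail2ban-<jail>) is on the
# matching line, e.g.
#   -A fail2ban-sshd -s 100.2.151.232/32 -j REJECT --reject-with icmp-port-unreachable
# (-- stops grep from reading the address as an option; -F matches it literally)
iptables -S | grep -F -- 100.2.151.232

# Unban through fail2ban so its own ban list (and anything that re-applies
# bans at restart) is updated too. The jail name is the chain name without
# the "fail2ban-" prefix.
fail2ban-client set sshd unbanip 100.2.151.232

# Fallback ONLY if fail2ban is not running: delete the rule by its full match.
# Do not delete by a number read off a full "iptables -L --line-numbers":
# numbering restarts in every chain, so the number shown for a rule in the
# combined listing is not the number "iptables -D <chain> <num>" expects.
# fail2ban will still consider the address banned after this.
# iptables -D fail2ban-sshd -s 100.2.151.232 -j REJECT --reject-with icmp-port-unreachable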
