Install and configure Fail2Ban on CentOS 7

This tutorial sets up minimal SSH protection on CentOS 7 with Fail2Ban (without e-mail notifications).

Preparation

# install epel-release
$ yum install -y epel-release && yum -y update

# install fail2ban packages
$ yum install -y fail2ban fail2ban-systemd

# update SELinux policies (if SELinux is in use)
$ yum update -y 'selinux-policy*'

Configuration

# change directory
$ cd /etc

# check content of 00-systemd.conf
$ cat fail2ban/jail.d/00-systemd.conf
...
[DEFAULT]
backend=systemd
...

# create custom default configuration
$ cp -p fail2ban/jail.conf fail2ban/jail.local

# edit custom default configuration
$ vim fail2ban/jail.local
...
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime  = 3600
maxretry = 3
...

# create custom sshd configuration
$ vim fail2ban/jail.d/sshd.local
...
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
...

Ready for startup

# enable fail2ban
$ systemctl enable fail2ban

# start fail2ban
$ systemctl start fail2ban

Check status

# check status (optional)
$ systemctl status fail2ban

# tail fail2ban logfile (optional)
$ tail -f /var/log/fail2ban.log

# tail secure logfile (optional)
$ tail -f /var/log/secure

# check iptables
$ iptables -L -n

# check status of jails
$ fail2ban-client status

# check status of sshd jail
$ fail2ban-client status sshd

Example

$ fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	347
|  `- Journal matches:	_SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned:	1
   |- Total banned:	56
   `- Banned IP list:	185.110.132.202

$ whois 185.110.132.202
...
person:         Karamurzov Barasbi
abuse-mailbox:  abusemail@openstack.net.ua
address:        Belize, BE, Kolmo ave 11, apt 901
...
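
The status output shown in the Example above can be turned into key=value lines for a cron job or monitoring check. This is an added example, not part of the original tutorial: the function names jail_summary and sample_status are made up here, and the sample input is the status output from the Example section.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# jail_summary reads `fail2ban-client status <jail>` output on stdin and
# prints key=value lines; it exits 1 if no jail header is found.
jail_summary() {
  awk '
    /Status for the jail:/ { sub(/.*Status for the jail:[ \t]*/, ""); jail = $0; next }
    /Currently failed:/    { failed_now   = $NF }
    /Total failed:/        { failed_total = $NF }
    /Currently banned:/    { banned_now   = $NF }
    /Total banned:/        { banned_total = $NF }
    /Banned IP list:/      { sub(/.*Banned IP list:[ \t]*/, ""); ips = $0 }
    END {
      if (jail == "") exit 1      # input was not a jail status report
      gsub(/[ \t]+$/, "", ips)    # trim trailing whitespace
      gsub(/[ \t]+/, ",", ips)    # fail2ban separates banned IPs with spaces
      print "jail=" jail
      print "currently_failed=" failed_now
      print "total_failed=" failed_total
      print "currently_banned=" banned_now
      print "total_banned=" banned_total
      print "banned_ips=" ips
    }'
}

# Sample input: the status output from the Example section of this page.
sample_status() {
  printf 'Status for the jail: sshd\n'
  printf '|- Filter\n'
  printf '|  |- Currently failed:\t0\n'
  printf '|  |- Total failed:\t347\n'
  printf '|  `- Journal matches:\t_SYSTEMD_UNIT=sshd.service + _COMM=sshd\n'
  printf '`- Actions\n'
  printf '   |- Currently banned:\t1\n'
  printf '   |- Total banned:\t56\n'
  printf '   `- Banned IP list:\t185.110.132.202\n'
}

# Offline demonstration; on a live host use:
#   fail2ban-client status sshd | jail_summary
sample_status | jail_summary
```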