Using fail2ban to secure your server
Last week I logged into my VPS with SSH for the first time in 2 weeks and got this message: 30109 failed login attempts! For a VPS with a public IP and an exposed SSH port, that’s pretty low, according to some people on /r/sysadmin/ (my favorite subreddit!). But I still decided to add some protection to the server. After some simple research, fail2ban seems to be the solution.
Fail2ban is an application, written in Python, that monitors system logs for symptoms of an attack on your server.
While Fail2ban is primarily focused on SSH attacks, you can also use a Fail2ban configuration with other services that write log files and are at potential risk of being compromised.
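A simplified model of the log monitoring described above, as an added example rather than code from this post or from fail2ban itself: it counts failed SSH password logins per source address inside a sliding time window and reports which addresses reach the limit. The function name, the ISO-timestamp log format and the sample lines are assumptions; `maxretry` and `findtime` are named after fail2ban's options of the same name.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at the end of the line so the address comes from the text sshd
# writes itself, not from the client-supplied user name earlier in the line.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?.*"
    r" from (?P<ip>\S+) port \d+ ssh2$"
)

def find_bans(lines, maxretry=5, findtime=600):
    """Return {ip: time} for hosts reaching maxretry failures within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    bans = {}
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m or m["ip"] in bans:
            continue  # not a failed login, or this address is already banned
        ts = datetime.fromisoformat(m["ts"])
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # forget failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            bans[m["ip"]] = ts
    return bans

# Constructed sample lines (documentation address ranges, not real traffic).
# The fourth line carries a user name crafted to look like another source address.
SAMPLE = [
    "2024-03-03T10:00:00 vps sshd[901]: Failed password for root from 203.0.113.5 port 40001 ssh2",
    "2024-03-03T10:00:02 vps sshd[902]: Failed password for root from 198.51.100.7 port 51000 ssh2",
    "2024-03-03T10:00:05 vps sshd[903]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2",
    "2024-03-03T10:00:09 vps sshd[904]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2"
    " from 203.0.113.5 port 40003 ssh2",
    "2024-03-03T10:03:00 vps sshd[905]: Accepted publickey for deploy from 192.0.2.10 port 50000 ssh2",
    "2024-03-03T10:20:00 vps sshd[906]: Failed password for root from 198.51.100.7 port 51001 ssh2",
    "2024-03-03T10:21:00 vps sshd[907]: Failed password for root from 198.51.100.7 port 51002 ssh2",
]

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE, maxretry=3).items():
        print(f"{ip} would be banned at {when.isoformat()}")
```

With a limit of three failures, only 203.0.113.5 is reported: the failures from 198.51.100.7 are spread over more than ten minutes, and the address embedded in the crafted user name is never counted.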
Fail2ban is not available in the official CentOS package repository, so I have to install the EPEL repository:
sudo yum install epel-release
Then install fail2ban:
sudo yum install fail2ban
Enable fail2ban using:
sudo systemctl enable fail2ban
fail2ban config files are stored in
The default config file is jail.conf, but I should avoid editing it directly since it may be overwritten when the package is upgraded. Since fail2ban reads .conf configuration files first and .local files then override any setting, I will create a new
sudo nano /etc/fail2ban/jail.local
(feel free to use another text editor; here I used nano)
Here I defined some basic values. Also, in case of CentOS or Fedora, I need to change the backend option in jail.local from
Restart fail2ban to apply the changes:
sudo systemctl restart fail2ban
I can check the fail2ban client status by using:
To get more information on the ssh jail:
fail2ban-client status ssh
These are just the basics for getting started with fail2ban. There are many things you can explore, like mail notifications, filters, regex, etc.