How to Protect SSH with Fail2Ban on CentOS 6

How to Protect SSH with Fail2Ban on CentOS 6

Follow these steps to install and configure Fail2Ban to protect your SSH service on CentOS 6:

Step 1: Install Fail2Ban

Fail2Ban is not available by default on CentOS, so you need to start by downloading the EPEL repository:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Next, install Fail2Ban using the following command:

yum install fail2ban

Step 2: Copy the Configuration File

The default Fail2Ban configuration file is located at /etc/fail2ban/jail.conf. However, you should not edit this file directly. Instead, make a local copy:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

After copying the file, you can make all of your changes in the jail.local file. Many services that may need protection are already listed in the file, each configured in its own section and turned off by default.

Step 3: Configure Defaults in Jail.Local

Open the jail.local file using a text editor:

vi /etc/fail2ban/jail.local

The first section of the file contains the default settings for Fail2Ban. Below is an example of the default section and how to customize it:

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host.
# Fail2Ban will not ban a host which matches an address in this list.
ignoreip = 127.0.0.1

# "bantime" is the number of seconds that a host is banned.
bantime  = 3600

# "findtime" is the number of seconds during which "maxretry" failures are allowed.
findtime  = 600

# "maxretry" is the number of failures before a host is banned.
maxretry = 3

Here’s what each setting means:

  • ignoreip: Add your personal IP address here to whitelist it. This ensures you are not accidentally locked out of your server.
  • bantime: The duration (in seconds) a host is banned. Default is 1 hour (3600 seconds).
  • findtime: The time period in seconds during which the failed login attempts are tracked. Default is 10 minutes (600 seconds).
  • maxretry: The maximum number of failed login attempts before a host is banned. Default is 3.

Step 4 (Optional): Configure SSH Protection

To configure SSH protection, look for the [ssh-iptables] section in the jail.local file. This section should be enabled by default. Here's how it looks:

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, [email protected]]

logpath  = /var/log/secure
maxretry = 5

Explanation of each entry:

  • enabled: This enables SSH protection. To disable, set it to false.
  • filter: Defines the filter file to be used. sshd refers to the /etc/fail2ban/filter.d/sshd.conf file.
  • action: The action that Fail2Ban will take when an IP is banned. iptables blocks the IP, and sendmail-whois sends an email notification (if you have a mail server set up).
  • logpath: The path to the log file that Fail2Ban will monitor for failed login attempts. By default, this is /var/log/secure.
  • maxretry: The maximum number of failed login attempts before the IP gets banned. Default is 5.

If you're using a non-standard SSH port, change the port in the action line. For example, if your SSH port is 30000, modify the line like so:

action = iptables[name=SSH, port=30000, protocol=tcp]

Step 5: Restart Fail2Ban

After making changes to the configuration, restart the Fail2Ban service to apply the changes:

sudo service fail2ban restart

Step 6: Verify Fail2Ban Rules

You can check the active Fail2Ban rules in iptables with the following command:

iptables -L
  • 0 Uživatelům pomohlo
Byla tato odpověď nápomocná?

Související články

Adding New IP Addresses to a CentOS/Fedora Server via SSH

Adding New IP Addresses to a CentOS/Fedora Server via SSH Follow the procedure below to add...

Disable Ping Response

Disable Ping Response What is a ping: A ping is a simple network utility used to check if a...

How To Block an IP Address

How To Block an IP Address Login to your Linux server via SSH. Blocking an IP Address To block...

How to Change SSH Port in CentOS

How to Change SSH Port in CentOS Login to your server via PuTTY or any other SSH client....

How to Reset MySQL Password

How to Reset MySQL Password If you have forgotten your MySQL root password, follow these steps...