How to install fail2ban on Rocky Linux and AlmaLinux


Fail2ban should be on every one of your Linux servers. If you've yet to install it on either Rocky Linux or AlmaLinux, Jack Wallen is here to help you out with that.


Fail2ban is one of the first pieces of software I install on Linux servers. This service will help prevent unwanted logins by banning nefarious IP addresses from gaining access to your server. Unlike installing fail2ban on Ubuntu Servers, you have to take an extra step with RHEL-based servers. I'm going to walk you through that very thing, demonstrating the process that will help you get fail2ban installed on either Rocky Linux or AlmaLinux.

The process will install both fail2ban and the necessary firewalld package to allow the service to run on the systems.

What you'll need

The only things you need to make this work are:

  • A running instance of either Rocky Linux or AlmaLinux

  • A user with sudo privileges

That's it. Let's get to work.


How to enable firewalld

Out of the box, firewalld might not be running. To fix that, open a terminal window on your server and issue the command:

sudo systemctl start firewalld

Next, enable the firewall service to run at boot with:

sudo systemctl enable firewalld

How to install fail2ban

We can now install both fail2ban and the firewalld package. Back at the terminal window, add the EPEL repository with the command:

sudo dnf install epel-release -y

Once that repository is added, install fail2ban and the firewalld component with:

sudo dnf install fail2ban fail2ban-firewalld -y

Start and enable fail2ban with the commands:

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

How to configure fail2ban

With fail2ban installed, it's time to configure it. First, we need to make a copy of the default configuration file with the command:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Open that file for editing with the command:

sudo nano /etc/fail2ban/jail.local

In that file, look for the following options (in the [DEFAULT] section) and change them to reflect what you see below:

bantime = 1h
findtime = 1h
maxretry = 5

Save and close the file.

Next, we need to enable fail2ban to work with firewalld (instead of iptables) with the command:

sudo mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local

Restart fail2ban with:

sudo systemctl restart fail2ban

How to create an SSH jail

We'll now create a jail configuration for the SSH server that will ban IP addresses for one day after three failed attempts at logging in. Create the new configuration with the command:

sudo nano /etc/fail2ban/jail.d/sshd.local

Paste the following into that new file:

[sshd]
enabled = true
bantime = 1d
maxretry = 3

Save and close the file. Restart fail2ban:

sudo systemctl restart fail2ban

At this point, fail2ban is now protecting from nefarious SSH connections. You can test it by attempting to log in with SSH using an incorrect password. After three attempts, you'll be locked out for one day. If you do get locked out, you can unban your IP address with the command:

sudo fail2ban-client unban ADDRESS

Where ADDRESS is the banned IP address.
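
How the [DEFAULT] values in jail.local and the [sshd] overrides in sshd.local combine into the jail's effective settings, and when a ban would fire, shown as an added Python example (not from the original article and not fail2ban's own code). The file contents are constructed copies holding only the keys edited above; the time parser handles single-unit values only, and the sliding-window count is a simplified model of how failures are tallied against findtime.

```python
import configparser

# Constructed copies of the two files edited above (relevant keys only).
JAIL_LOCAL = """
[DEFAULT]
bantime = 1h
findtime = 1h
maxretry = 5
"""
SSHD_LOCAL = """
[sshd]
enabled = true
bantime = 1d
maxretry = 3
"""
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert '1h', '1d' or a bare number of seconds (single-unit values only)."""
    value = value.strip()
    if value[-1].isdigit():
        return int(value)
    return int(value[:-1]) * UNITS[value[-1]]

def effective_jail(name, *sources):
    """Merge sources in read order: later files override, [DEFAULT] fills gaps."""
    cp = configparser.ConfigParser()
    for text in sources:
        cp.read_string(text)
    jail = cp[name]
    return {
        "enabled": jail.getboolean("enabled", fallback=False),
        "bantime": to_seconds(jail["bantime"]),
        "findtime": to_seconds(jail["findtime"]),  # inherited from [DEFAULT]
        "maxretry": jail.getint("maxretry"),
    }

def ban_time(failures, jail):
    """Timestamp at which maxretry failures fall inside findtime, else None."""
    window = []
    for ts in sorted(failures):
        window = [t for t in window if ts - t < jail["findtime"]] + [ts]
        if len(window) >= jail["maxretry"]:
            return ts
    return None

if __name__ == "__main__":
    sshd = effective_jail("sshd", JAIL_LOCAL, SSHD_LOCAL)
    # Constructed failure times in seconds for a single source address.
    print(sshd, ban_time([0, 20, 45], sshd), ban_time([0, 4000, 8000], sshd))
```

Because sshd.local does not set findtime, the jail keeps the one-hour window from [DEFAULT], so three failures spaced more than an hour apart never trigger the one-day ban.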

And that's all there is to installing fail2ban on either Rocky Linux or AlmaLinux. Enjoy that heightened sense of security (just don't rely on fail2ban for all your security needs).
