Protect SSH on CentOS 8 with Fail2Ban

Install Fail2Ban

  1. Enable and install the EPEL repository
    # yum -y install epel-release
  2. Install Fail2Ban
    # yum -y install fail2ban
  3. Configure Fail2Ban (See Below)
  4. Enable and start Fail2Ban
    # systemctl enable fail2ban && systemctl start fail2ban

Configure Fail2Ban

  1. Edit /etc/fail2ban/jail.local
    # vim /etc/fail2ban/jail.local
  2. Update/append as follows
    [DEFAULT]
    # Ban IPs/hosts for 24 hours (24 h * 3600 s = 86400 s):
    bantime = 86400
     
    # An IP address/host is banned if it has generated "maxretry" failures during the last "findtime" seconds.
    findtime = 600
    maxretry = 3
     
    # "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
    # will not ban a host which matches an address in this list. Several addresses
    # can be defined using space (and/or comma) separator. For example, add your 
    # static IP address that you always use for login such as 103.1.2.3
    #ignoreip = 127.0.0.1/8 ::1 103.1.2.3
     
    # Call iptables to ban IP address
    banaction = iptables-multiport
     
    # Enable sshd protection
    [sshd]
    enabled = true
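
Added example (not part of the original guide and not Fail2Ban's own code): a simplified Python model of how findtime, maxretry, bantime and ignoreip from the configuration above decide a ban, run over constructed sshd log lines. It assumes the commented ignoreip line is enabled; the function name, log lines and addresses are made up for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the jail.local above; IGNOREIP assumes the commented ignoreip line is enabled.
FINDTIME, MAXRETRY, BANTIME = timedelta(seconds=600), 3, timedelta(seconds=86400)
IGNOREIP = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "103.1.2.3/32")]

# Constructed sshd log lines for illustration, not real traffic.
SAMPLE_LOG = """\
Jan 15 09:00:00 host sshd[1201]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jan 15 09:00:00 host sshd[1202]: Failed password for invalid user admin from 198.51.100.20 port 51234 ssh2
Jan 15 09:00:05 host sshd[1203]: Failed password for root from 103.1.2.3 port 40100 ssh2
Jan 15 09:00:09 host sshd[1204]: Failed password for root from 103.1.2.3 port 40101 ssh2
Jan 15 09:00:14 host sshd[1205]: Failed password for root from 103.1.2.3 port 40102 ssh2
Jan 15 09:01:00 host sshd[1206]: Failed password for root from 203.0.113.7 port 40023 ssh2
Jan 15 09:02:00 host sshd[1207]: Failed password for root from 203.0.113.7 port 40024 ssh2
Jan 15 09:06:00 host sshd[1208]: Failed password for invalid user admin from 198.51.100.20 port 51235 ssh2
Jan 15 09:12:00 host sshd[1209]: Failed password for invalid user admin from 198.51.100.20 port 51236 ssh2
Jan 15 09:13:00 host sshd[1210]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
"""

FAILURE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                     r"(?:invalid user )?\S+ from (\S+) port \d+")

def simulate(log, year=2024):
    """Return {ip: (banned_at, unbanned_at)} for hosts the settings above would ban."""
    recent = defaultdict(deque)  # ip -> failure times still inside the findtime window
    bans = {}
    for line in log.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue  # not an authentication failure
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in IGNOREIP):
            continue  # ignoreip: never counted, never banned
        if ip in bans and ts < bans[ip][1]:
            continue  # ban still in force
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:  # drop failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + BANTIME)
    return bans

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG))
```

Only 203.0.113.7 is banned: 198.51.100.20 also fails three times, but never three times within 600 seconds, and 103.1.2.3 is exempt through ignoreip.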

View Fail2Ban Status

Run the following commands to view banned IPs

# fail2ban-client status
# fail2ban-client status sshd
