1. Install fail2ban from EPEL repo.
yum install -y epel-release
yum install -y fail2ban fail2ban-systemd
2. Deal with SELinux. There are two options to choose from:
2.1 Update the SELinux policy: yum update -y selinux-policy*
2.2 Disable SELinux: change the line SELINUX=enforcing to SELINUX=disabled
3. Configure fail2ban.
Create the file sshd.local in /etc/fail2ban/jail.d with the content below:
[sshd]
enabled = true
# change the SSH port here
port = ssh
logpath = %(sshd_log)s
maxretry = 5
# ban time in seconds (259200 = 3 days)
bantime = 259200
# change to your e-mail address
destemail = admin@gmail.com
# ban and send an e-mail with a whois report to destemail
action = %(action_mw)s
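Note: The settings in this file override the ones in /etc/fail2ban/jail.conf. The default mta (mail transfer agent) is "sendmail". Comments are kept on their own lines because fail2ban treats "#" as a comment marker only at the start of a line; inline comments must use ";" preceded by a space.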
4. Enable and Start fail2ban.
systemctl enable fail2ban
systemctl start fail2ban
5. Check and Test.
# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
# ipset list
Name: fail2ban-sshd
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 259200
Size in memory: 16592
References: 1
Members:
192.168.100.202 timeout 245657
6. Unban an IP address:
# fail2ban-client set sshd unbanip 192.168.100.202
Recheck: # ipset list
Name: fail2ban-sshd
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 259200
Size in memory: 16592
References: 1
Members:
Testing system: CentOS7 with fail2ban (v0.9.3) and firewalld (0.3.9)
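To read the ipset output from steps 5 and 6 at a glance, the following added example (not part of the original guide) parses `ipset list` and prints, for each banned address, the set name, the address, the seconds remaining, and the seconds since the ban. The function names are hypothetical; it assumes fail2ban's sets are named fail2ban-<jail> as in the output above, and that each entry was added with the set's default timeout.

```shell
#!/bin/sh
# ban_report: read `ipset list` output on stdin and print one line per banned
# address:  <set> <address> <seconds remaining> <seconds since ban>
ban_report() {
  awk '
    $1 == "Name:"    { name = $2; bantime = ""; in_members = 0; next }
    $1 == "Header:"  {                      # the set-wide timeout equals bantime
        for (i = 2; i < NF; i++)
            if ($i == "timeout") bantime = $(i + 1)
        next
    }
    $1 == "Members:" { in_members = 1; next }
    NF == 0          { in_members = 0; next }   # blank line separates sets
    in_members && name ~ /^fail2ban-/ {
        # Entries in sets created without a timeout carry no countdown.
        remaining = ($2 == "timeout") ? $3 : "-"
        elapsed = (remaining == "-" || bantime == "") ? "-" : bantime - remaining
        print name, $1, remaining, elapsed
    }
  '
}

# Sample input: the `ipset list` output shown in step 5 of this guide.
sample_ipset_output() {
cat <<'EOF'
Name: fail2ban-sshd
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 259200
Size in memory: 16592
References: 1
Members:
192.168.100.202 timeout 245657
EOF
}

# On a live host (as root): ipset list | ban_report
sample_ipset_output | ban_report
```

After the unban in step 6 the Members section is empty, so the report prints nothing for that set.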