Configure fail2ban with firewalld in CentOS 7 and send mail notification to Admin

1. Install fail2ban from the EPEL repo.

yum install -y epel-release
yum install -y fail2ban fail2ban-systemd

2. Deal with SELinux. There are two options to choose from:

2.1 Update the SELinux policy: yum update -y selinux-policy*
2.2 Disable SELinux: change the line SELINUX=enforcing to SELINUX=disabled in /etc/selinux/config

3. Configure fail2ban.

Create the file sshd.local in /etc/fail2ban/jail.d with the content below:
[sshd]
enabled = true
# change the SSH port here
port = ssh
logpath = %(sshd_log)s
maxretry = 5
# in seconds (259200 = 3 days)
bantime = 259200
# change to your e-mail address
destemail = admin@gmail.com
# ban & send an e-mail with whois report to the destemail
action = %(action_mw)s
Note: This configuration overrides the corresponding settings in /etc/fail2ban/jail.conf. The mta (mail transfer agent) defaults to “sendmail”.

4. Enable and Start fail2ban.

systemctl enable fail2ban
systemctl start fail2ban

5. Check and Test.

# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
# ipset list
Name: fail2ban-sshd
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 259200
Size in memory: 16592
References: 1
Members:
192.168.100.202 timeout 245657

6. Unban an IP address:

# fail2ban-client set sshd unbanip 192.168.100.202
Recheck:
# ipset list
Name: fail2ban-sshd
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 259200
Size in memory: 16592
References: 1
Members:
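
The checks from steps 5 and 6 can be scripted. The following is an added example, not part of the original post: it parses "ipset list" output to report each banned address with its remaining ban time, and confirms that the set's timeout matches the bantime from sshd.local. The function names are hypothetical, and the embedded sample is constructed from the output format shown in step 5.

```shell
#!/bin/sh
# Added example: summarise fail2ban bans from "ipset list" output.
# Function names are hypothetical; the sample below is constructed
# from the output format shown in step 5.

sample_ipset_output() {
cat <<'EOF'
Name: fail2ban-sshd
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 259200
Size in memory: 16592
References: 1
Members:
192.168.100.202 timeout 245657
EOF
}

# set_timeout SETNAME < ipset-output
# Print the default entry timeout (seconds) from the set's Header line.
set_timeout() {
    awk -v set="$1" '
        $1 == "Name:" { cur = $2 }
        cur == set && $1 == "Header:" {
            for (i = 2; i < NF; i++)
                if ($i == "timeout") { print $(i + 1); exit }
        }'
}

# banned_members SETNAME < ipset-output
# Print "ADDRESS REMAINING_SECONDS" for every member of the set.
banned_members() {
    awk -v set="$1" '
        $1 == "Name:"    { cur = $2; members = 0; next }
        $1 == "Members:" { members = 1; next }
        members && cur == set && $2 == "timeout" { print $1, $3 }'
}

# check_bantime SETNAME BANTIME < ipset-output
# Succeed only when the set exists and its timeout equals BANTIME.
check_bantime() (
    actual=$(set_timeout "$1")
    [ -n "$actual" ] && [ "$actual" -eq "$2" ]
)

# Demo on the constructed sample; on a live host use: ipset list | ...
sample_ipset_output | banned_members fail2ban-sshd
sample_ipset_output | check_bantime fail2ban-sshd 259200 && echo "bantime OK"
```

After an unban, banned_members prints nothing for the address, which matches the empty Members: list in the recheck above.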

Testing system: CentOS 7 with fail2ban (v0.9.3) and firewalld (0.3.9)