September 30, 2019
September 30, 2019
In this article, you will learn how to install Fail2Ban on CentOS 7 – one of the most effective ways to ensure the safety of your server.
A server is never completely safe from online attacks, no matter how secure it is by default. Therefore, it is important to improve security by providing it with additional protection. That’s exactly what you can do with Fail2Ban on your VPS.
Fail2Ban is a software that protects Linux-based web servers from brute-force, dictionary, DDoS, and DOS attacks. It provides arguably the best security measures for CentOS servers.
Fail2Ban works by monitoring system logs and banning potential attackers based on multiple unsuccessful login attempts. Once unwanted access is identified, Fail2Ban will directly use iptables and firewalld to block their IP addresses.
The installation requires you to have root access to the server through an SSH client like PuTTY (Windows) or the terminal shell (macOS and Linux). If you own Hostinger’s VPS hosting, you can find your login details in the Servers tab of the hPanel.
Is everything ready? Let’s install Fail2Ban on CentOS 7.
There are three steps for installing Fail2Ban on CentOS 7 – installing the EPEL repository, copying configuration files, and configuring Fail2Ban.
First, you have to download the EPEL (Extra Packages for Enterprise Linux) repository which has Fail2Ban for CentOS 7 included. Run the following command:
sudo yum install epel-release
Once that is done, you can install Fail2Ban:
sudo yum install fail2ban
Secondly, don’t forget to enable and start the service by typing in these commands:
sudo systemctl enable fail2ban sudo systemctl start fail2ban
Fail2Ban on CentOS 7 will store its configuration file in /etc/fail2ban/jail.conf. However, package upgrades can delete it. That’s why we highly suggest that you move the content to a local config file called jail.local. To do this, we’ll use the cp command:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now you can make changes to Fail2Ban’s configuration. Any value you define in jail.local will override what is already in jail.conf.
It is time to configure the local config file using the nano text editor:
sudo nano /etc/fail2ban/jail.local
Inside it, you will find the DEFAULT section. It contains global settings that will be applied throughout the Fail2Ban service:
Here’s a short summary of each command.
You can change the values based on your needs. Once the modifications are made, save the configuration file with the CTRL+X shortcut.
You have to restart Fail2Ban for the change to take effect:
sudo systemctl restart fail2ban
Great! Now your Fail2Ban is up and running on your CentOS 7 server. We have got a few tips for you when using this service.
To monitor the status of Fail2Ban jails, you can use this command:
sudo fail2ban-client status
You can simply unban an IP address by entering the following line:
sudo fail2ban-client set <jailname> unbanip <ipaddress>
Remember to replace the information inside the brackets with your own.
Fail2Ban improves your CentOS 7 server’s security. It helps ban unwanted hosts that are trying to gain access to your server. What’s great is that it’s easy to install and configure.
We showed you how to install Fail2Ban on CentOS 7. Let’s take a look at the steps once again:
That’s it! If you have any questions, feel free to comment down below.
August 07 2020
I have fail2ban service running on my server and it is taking up all this space 27G /var/lib/fail2ban 28G /var/lib I have been told to remove (purge) the fail2ban database but everything I have tried is not working. > fail2ban-client status Status |- Number of jail: 6 `- Jail list: dovecot, postfix, postfix-sasl, proftpd, sshd, webmin-auth CentOS Linux 7.8.2003 I am trying to delete the database to free up some space but I am not having any luck. Do you have any recommendations on how to restore and remove the excess data? Thanks
Replied on November 06 2020
Hey Colin! :) It would be hard to guess what is wrong with the task you are trying to complete without the full info. Perhaps you can message our awesome support team with a screenshot or two, and they can help you out? :)