angeloma
Senior Writer and partner

How to install Fail2Ban on CentOS 8?

Security should not be taken lightly when managing a server, above all if the server hosts web systems accessible from the Internet. Many people target these servers to steal the information they contain, some of which is quite important. Imagine if they compromise the server where a company’s administrative system is hosted: the consequences would be terrible. Luckily, there are applications that help us further protect servers from external attacks. In this post we will show you how to install Fail2Ban on CentOS 8.

Fail2Ban is a tool that protects our server from possible attacks against a specific service. For example, when there are failed login attempts to a service from an IP address, it is very likely to be an attack trying to guess the password and cause problems.

Likewise, Fail2Ban is one of the most popular server applications out there. In fact, it has many contributors in the community, which makes it even more reliable.

On the other hand, Fail2Ban is easy to configure even though it has many options. Therefore, it is flexible and powerful.


So, let’s install it and examine it a bit.

Install Fail2Ban on CentOS 8

Despite being a highly popular tool among sysadmins, Fail2Ban is not available from the official repositories. However, installing it is not a problem thanks to the EPEL repository.

Then the first step is to enable it:

How to enable the EPEL repository on CentOS 8?

Once it is enabled without problems, you can install Fail2Ban using the following command:

:~# dnf install fail2ban

1.- Install Fail2Ban on CentOS 8

Once you have finished the installation, you will be ready to configure it. But first, let’s take a look at it.

The Fail2Ban on CentOS 8 configuration

Within the Fail2Ban directory, there are several configuration files and rules established for the main services used on a Linux server. Some of these services are the following:

  • SSH.
  • FTP services such as VSFTP or ProFTPD.
  • Web servers such as Apache or Nginx.
  • Email services such as Postfix, dovecot, and others.
  • Other services such as WordPress, Asterisk, Drupal.

But these are not the only ones. So, we’re talking about almost total server protection.

The jail.conf file

In this sense, the most important configuration file is /etc/fail2ban/jail.conf where you can find almost all the fundamental options of the application.

If you are going to modify it, it is recommended that you first make a backup of it, because if a newer version of Fail2Ban updates the default configuration you will lose your changes. I also recommend creating the copy with the .local extension, which is the configuration file that the application will recognize.

:~# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Now we can do what we want in the file, because we know that if something goes wrong we can return to the initial configuration.

By default it looks like this:

2.- Fail2Ban default configuration

At the end of the file are the services it protects. If you want to activate or deactivate one, just comment or uncomment the lines.

3.- The default configuration

You can even delete everything and create a custom file. This is done when you have enough experience managing the application. Among the most important attributes of the configuration file, we find the following:

  • ignoreip: IP addresses to which Fail2Ban policies will not be applied. For example, the IP of the server administrator’s computer, or others that are considered secure.
  • bantime: How long an IP address stays banned.
  • maxretry: The number of login attempts the user has available before being banned.
  • findtime: The time window within which those attempts are counted.
  • banaction: What action to take when the ban happens.
  • backend: The service or method used to manage the log.

A simple example of a Fail2Ban configuration file can be the following:

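# Global defaults, inherited by every jail below
[DEFAULT]
# Address that is never banned (e.g. the administrator's computer)
ignoreip = 192.168.250.2
# Failed attempts allowed within findtime before a ban
maxretry = 6
# Ban duration, in seconds
bantime = 500
# Window, in seconds, in which failed attempts are counted
findtime = 200
banaction = iptables-multiport
backend = auto
# Jails enabled on this server
[sshd]
enabled = true
[proftpd]
enabled = true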
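
How maxretry, findtime, bantime and ignoreip interact, using the values from the example above. This is an added example, not part of the original post and not Fail2Ban's own code: it is a simplified model of the counting logic, and the log pattern, the sample log lines and the names simulate and sample_log are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the example jail configuration on this page.
IGNOREIP = ["192.168.250.2"]
MAXRETRY = 6                        # failures tolerated inside the window
FINDTIME = timedelta(seconds=200)   # sliding window for counting failures
BANTIME = timedelta(seconds=500)    # how long a ban lasts
# Simplified sshd pattern for illustration; not Fail2Ban's shipped filter.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port")

def simulate(lines, year=2024):
    """Return [(ip, ban_time, unban_time)] for the given log lines."""
    ignored = [ipaddress.ip_network(n) for n in IGNOREIP]
    recent = defaultdict(deque)     # ip -> timestamps of failures in window
    banned_until, bans = {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in ignored) or ts < banned_until.get(ip, datetime.min):
            continue                # ignoreip match, or ban still active
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()        # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((str(ip), ts, ts + BANTIME))
            window.clear()          # counter restarts after a ban
    return bans

def sample_log():
    """Constructed log: fast guesser, slow guesser, and the ignored admin IP."""
    def line(sec, ip):
        t = datetime(2024, 3, 1, 10, 0, 0) + timedelta(seconds=sec)
        return (f"{t:%b %d %H:%M:%S} srv sshd[4242]: "
                f"Failed password for root from {ip} port 50000 ssh2")
    fast = [line(s, "203.0.113.10") for s in range(0, 60, 10)]    # 6 in 50 s
    slow = [line(s, "198.51.100.7") for s in range(0, 600, 100)]  # 6 in 500 s
    admin = [line(s, "192.168.250.2") for s in range(0, 60, 5)]   # ignored
    return sorted(fast + slow + admin)
```

Calling simulate(sample_log()) returns one ban: 203.0.113.10 is banned at 10:00:50 and released at 10:09:10, while the slow source never has more than three failures inside any 200-second window and the ignored address is never counted.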

Finally, you have to start the Fail2Ban service. It is also a good idea to make it start with the system.

:~# systemctl start fail2ban
:~# systemctl enable fail2ban

Enjoy it.

Conclusion

Protecting a server against external and internal attacks is quite a complicated job. However, tools emerge to help make the task less complex. In this case, Fail2Ban proves to be an application that is very useful, secure and easy to configure. With it, our server will be a little more secure.
