{"id":1567,"date":"2020-11-30T15:02:58","date_gmt":"2020-11-30T15:02:58","guid":{"rendered":"https:\/\/blogs.ncl.ac.uk\/igmit\/?p=1567"},"modified":"2020-11-30T15:15:26","modified_gmt":"2020-11-30T15:15:26","slug":"fail2ban-centos-8","status":"publish","type":"post","link":"https:\/\/blogs.ncl.ac.uk\/igmit\/?p=1567","title":{"rendered":"fail2ban (CentOS 8)"},"content":{"rendered":"\n

Install Fail2Ban and configure some default settings:<\/p>\n\n\n\n

sudo yum update\nsudo yum install epel-release\nsudo yum install fail2ban\nsudo nano \/etc\/fail2ban\/jail.local<\/pre>\n\n\n\n
A typical template for jail.local looks like this:<\/p>\n\n\n\n
[DEFAULT]
bantime = 43200
findtime = 600
maxretry = 3
banaction = iptables-multiport
backend = systemd

[sshd]
enabled = true<\/pre>\n\n\n\n
ignore = a list of I.P address that you do not wish to ban<\/p>\n\n\n\n
bantime (seconds) – typical values are:
3600 (1 hour); 10800 (3 hours); 21600 (6 hours)
43200 (12 hours); 86400 (24 hours)<\/p>\n\n\n\n
maxretry is the number of failures before a host is banned. Default value is 3.<\/p>\n\n\n\n
findtime (seconds) and maxretry are related. Combined, they dictate the number of attempts (maxretry) within a given timeframe (findtime) which results in a ban. Default value of findtime is 600, which means that when fail2ban counts 3 failed attempts, within the last 10 minutes, it will ban the querying IP address.<\/p>\n\n\n\n
Good values for findtime are:
300 or 600 (300 seconds = 5 minutes, 600 = 10 minutes)
3 for maxretry<\/p>\n\n\n\n
Enable Fail2Ban at reboot, start the service, and check status:<\/p>\n\n\n\n
systemctl start fail2ban
systemctl enable fail2ban
systemctl status fail2ban
fail2ban-client status
fail2ban-client status sshd<\/pre>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Install Fail2Ban and configure some default settings: sudo yum update sudo yum install epel-release sudo yum install fail2ban sudo nano \/etc\/fail2ban\/jail.local A typical template for jail.local looks like this: [DEFAULT]bantime = 43200findtime = 600maxretry = 3banaction = iptables-multiportbackend = systemd[sshd]enabled = true ignore = a list of I.P address that you do not wish to […]<\/a><\/p>\n","protected":false},"author":1149,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[63,134,22,135],"class_list":["post-1567","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-centos","tag-fail2ban","tag-linux","tag-ssh","category-1-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/blogs.ncl.ac.uk\/igmit\/index.php?rest_route=\/wp\/v2\/posts\/1567","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.ncl.ac.uk\/igmit\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.ncl.ac.uk\/igmit\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/igmit\/index.php?rest_route=\/wp\/v2\/users\/1149"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/igmit\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1567"}],"version-history":[{"count":10,"href":"https:\/\/blogs.ncl.ac.uk\/igmit\/index.php?rest_route=\/wp\/v2\/posts\/1567\/revisions"}],"predecessor-version":[{"id":1579,"href":"https:\/\/blogs.ncl.ac.uk\/igmit\/index.php?rest_route=\/wp\/v2\/posts\/1567\/revisions\/1579"}],"wp:attachment":[{"href":"https:\/\/blogs.ncl.ac.uk\/igmit\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1567"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/igmit\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1567"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/igmit\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1567"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}