Home > HowTo, Linux > Setup Fail2Ban

Setup Fail2Ban

January 5th, 2010 Leave a comment Go to comments

How to Install fail2ban on CentOS RedHat

Reference to my original post here
Make sure you have the repo darg for CentOS/RedHat

# yum install fail2ban
# chkconfig –add fail2ban
# chkconfig fail2ban on
# vim /etc/fail2ban.conf

[DEFAULT]
background = false
debug = false
logtargets = /var/log/fail2ban.log
syslog-target = /dev/log
syslog-facility = 1
pidlock = /var/run/fail2ban.pid
maxfailures = 5
bantime = 86400
findtime = 600
ignoreip = 192.168.0.0/16 127.0.0.1
cmdstart =
cmdend =
polltime = 1
reinittime = 10
maxreinits = -1

[MAIL]
enabled = true
host = localhost
port = 25
from = fail2ban
to = felipe.ferreira@localhost
localtime = true
subject = [Fail2Ban] <section>: Banned <ip> onĀ  <hostname>
message = Hi,<br>
The IP <ip> has just been banned by Fail2Ban after
<failures> attempts against <section>.<br>
Regards,<br>
Fail2Ban

[SSH]
enabled = true
logfile = /var/log/secure
fwstart = iptables -N fail2ban-ssh
iptables -I INPUT -p tcp –dport ssh -j fail2ban-ssh
iptables -A fail2ban-ssh -j RETURN
fwend = iptables -D INPUT -p tcp –dport ssh -j fail2ban-ssh
iptables -F fail2ban-ssh
iptables -X fail2ban-ssh
fwcheck = iptables -L INPUT | grep -q fail2ban-ssh
fwban = iptables -I fail2ban-ssh 1 -s <ip> -j DROP
fwunban = iptables -D fail2ban-ssh -s <ip> -j DROP
timeregex = S{3}s{1,2}d{1,2} d{2}:d{2}:d{2}
timepattern = %%b %%d %%H:%%M:%%S
failregex = Authentication failure|Failed password|Invalid user

Categories: HowTo, Linux Tags: , , , , ,

VAMOVE *

*