liyang85
8/17/2017 - 4:23 AM

Install Fail2ban to protect SSH on CentOS 6

Install Fail2ban to protect SSH on CentOS 6

# part 1: installation

yum install epel-release
yum install fail2ban

# part 2: configure local settings
#
# You can find a file with default values called `/etc/fail2ban/jail.conf`. 
# Since this file may be overwritten by package upgrades, we shouldn't edit it in-place. 
# Instead, we'll write a new file called `/etc/fail2ban/jail.local`. 
# Any values defined in `jail.local` will override those in `jail.conf`.
# https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-7
#
# below settings are for fail2ban v0.9.6, older versions have DIFFERENT options

vim /etc/fail2ban/jail.local
  [DEFAULT]
  bandtime = 3600
  
  [sshd]
  enabled = true

# part 3: start fail2ban-server

service fail2ban start
service fail2ban status
fail2ban-client status sshd

# part 4: start fail2ban service on boot

chkconfig --list fail2ban
# fail2ban has been set to start on boot by default, if not, then:
chkconfig --add fail2ban