CentOS 7: fail2ban


Just a quick and dirty way to block sshd, and then I’d sort out wp scans and the like.

To install, it’s part of EPEL, so just yum it:
yum install fail2ban

Can’t remember now, but I think I had to copy jail.conf to jail.local

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edited /etc/fail2ban/jail.local with the following:

enabled = true
maxretry = 3
bantime = 86400

Restarted and enabled:
systemctl start fail2ban
systemctl enable fail2ban

I’m not actually sure how this is working, given I’m using firewalld rather than iptables:
# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 20
|  `- File list: /var/log/secure
`- Actions
   |- Currently banned: 4
   |- Total banned: 9
   `- Banned IP list:

Need to get to know firewalld better…

# ipset --list
Name: fail2ban-sshd
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 86400
Size in memory: 17040
References: 1
Members:
timeout 12459
timeout 47274
timeout 72749
timeout 15303
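
In the listing above, the set-wide timeout in the Header line (86400) matches the bantime from jail.local, and each member's timeout is the number of seconds left on that ban. The following is an added example, not part of the original post: a small shell helper that turns `ipset --list` output into a per-address report. The function names and the sample addresses (RFC 5737 documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise fail2ban bans from `ipset --list` output.
# ban_report reads the listing on stdin and prints one line per member:
#   <set name> <ip> <seconds left> <seconds since ban>
ban_report() {
    awk '
        $1 == "Name:"    { name = $2; total = 0; in_members = 0; next }
        $1 == "Header:"  {
            # Set-wide default timeout; equals bantime for the jail
            for (i = 2; i < NF; i++) if ($i == "timeout") total = $(i + 1)
            next
        }
        $1 == "Members:" { in_members = 1; next }
        NF == 0          { in_members = 0; next }   # blank line ends a set
        in_members && $2 == "timeout" {
            printf "%s %s %d %d\n", name, $1, $3, total - $3
        }
    '
}

# Addresses whose ban ends in under N seconds (default 3600).
expiring_soon() {
    ban_report | awk -v limit="${1:-3600}" '$3 < limit { print $2 }'
}

# Constructed sample shaped like the listing above; addresses are placeholders.
sample_ipset_output() {
    cat <<'EOF'
Name: fail2ban-sshd
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536 timeout 86400
Size in memory: 17040
References: 1
Members:
192.0.2.10 timeout 12459
198.51.100.7 timeout 47274
EOF
}

# On a live host (as root): ipset --list | ban_report
sample_ipset_output | ban_report
```

The last column shows how long ago fail2ban added each address, which can be matched against the failed logins in /var/log/secure.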