Install Fail2Ban on CentOS 5.5
The installation process for Fail2Ban (a brute-force protection application) on CentOS 5.5 is as follows.
Log in to your server as root, then:
wget -O fail2ban-0.8.4.tar.bz2 "http://downloads.sourceforge.net/project/fail2ban/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2?use_mirror=transact"
tar -xf fail2ban-0.8.4.tar.bz2
cd fail2ban-0.8.4
python setup.py install
cp files/redhat-initd /etc/init.d/fail2ban
chkconfig --add fail2ban
chkconfig fail2ban on
Once the installation is complete, open the jail.conf configuration:
nano -w /etc/fail2ban/jail.conf
Review the sections (e.g. [ssh-iptables]) and set 'enabled = true' in the ones you would like enabled.
You will also need to define your email address and log locations, for example:
sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
logpath = /var/log/sshd.log
This should become (example):
sendmail-whois[name=SSH, dest=you@yourdomain.com, sender=fail2ban@yourserversdomain.net]
logpath = /var/log/secure
Once you have completed the configuration of the jail.conf file you will need to start fail2ban's service:
service fail2ban start
You can test the rules per service using:
fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf
The defaults should work correctly for SSH but if they don't, check out this article for more options.
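The kind of check fail2ban-regex performs, combined with the maxretry threshold that decides a ban, as an added example (not part of the original article and not Fail2Ban's own code). The two patterns are simplified stand-ins for the sshd filter, the log lines are constructed, and the helper names and findtime=600 are assumptions of the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

IPV4 = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Simplified sshd failure patterns written for this example (assumption: they
# are not fail2ban's own failregex lines); "host" stands in for <HOST>.
FAILREGEX = [
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from "
               + IPV4 + r" port \d+ ssh2$"),
    re.compile(r"sshd\[\d+\]: Invalid user \S+ from " + IPV4 + r"$"),
]

def hosts_to_ban(lines, maxretry=5, findtime=600, year=2011):
    """Return hosts with at least maxretry failures inside findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)  # host -> failure times still inside the window
    banned = []
    for line in lines:
        match = next((m for m in (rx.search(line) for rx in FAILREGEX) if m), None)
        if match is None:
            continue  # not a failure line (e.g. "Accepted password")
        # syslog lines carry no year, so one is supplied (assumed) for parsing
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        host = match.group("host")
        recent[host] = [t for t in recent[host] if when - t <= window] + [when]
        if len(recent[host]) >= maxretry and host not in banned:
            banned.append(host)
    return banned

def make_line(clock, host, msg="Failed password for root from {} port 40022 ssh2"):
    """Build one constructed log line in /var/log/secure format."""
    return f"Jun  7 {clock} web1 sshd[2101]: " + msg.format(host)

# Constructed sample log (documentation-range addresses), in time order.
SAMPLE = sorted(
    [make_line(f"12:00:{s:02d}", "203.0.113.5") for s in range(0, 50, 10)]  # 5 in 40 s
    + [make_line(f"12:{m:02d}:00", "192.0.2.9") for m in range(0, 25, 5)]   # 5 in 20 min
    + [make_line("12:30:00", "198.51.100.7", "Invalid user test from {}"),
       make_line("12:30:05", "198.51.100.7",
                 "Accepted password for deploy from {} port 40022 ssh2")]
)

if __name__ == "__main__":
    print("would ban:", hosts_to_ban(SAMPLE))
```

The slow source (five failures spread over twenty minutes) stays under the threshold with the default window, which is the trade-off to keep in mind when choosing maxretry and findtime.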
Search this site for information on setting up Fail2Ban for Asterisk, Courier-IMAP, Horde and other Linux services.
December 6th, 2010 - 15:29
Hi,
Thank you! It worked like a charm and easy guide! Thanks a lot and you saved my day!
Paddy
February 12th, 2011 - 10:59
thanks all done hackers will be in pain now
March 21st, 2011 - 14:34
I have a question, say I wanted to use fail2ban to protect Plesk via the login panel found via 8443 or 8880 ports. Would this be possible? How would I go about doing so?
March 21st, 2011 - 19:58
I’ve not found a way to do this yet but suspect it would be possible by parsing Plesk’s login / authentication logs.
April 22nd, 2011 - 04:02
How would one configure this to allow ssh on an alternate port versus the default 22?
April 27th, 2011 - 01:29
Adjust /etc/fail2ban/jail.conf to suit, example – if your SSH daemon is on port 22 and 8899:
[ssh-iptables]
enabled = true
filter = sshd
action = iptables-multiport[name=SSH, port="22,8899", protocol=tcp]
         sendmail-whois[name=SSH, dest=you@your-domain.net]
logpath = /var/log/secure
maxretry = 5
bantime = 3600
June 4th, 2011 - 01:48
Thanks for the great tutorial!
June 7th, 2011 - 12:36
just yum install fail2ban