Install Fail2Ban on CentOS 5.5

The installation process for Fail2Ban (a brute-force protection application) on CentOS 5.5 is as follows:

Login to your server as root, then:

wget -O fail2ban-0.8.4.tar.bz2 "http://downloads.sourceforge.net/project/fail2ban/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2?use_mirror=transact"

tar -xf fail2ban-0.8.4.tar.bz2

cd fail2ban-0.8.4

python setup.py install

cp files/redhat-initd /etc/init.d/fail2ban

chkconfig --add fail2ban

chkconfig fail2ban on

Once the installation is complete, open the jail.conf configuration file:

nano -w /etc/fail2ban/jail.conf

Review the sections (e.g. [ssh-iptables]) and set ‘enabled = true’ in the ones you would like enabled.

You will also need to define your email address and log locations, for example:

sendmail-whois[name=SSH, [email protected], [email protected]]
logpath  = /var/log/sshd.log

This should become (example):

sendmail-whois[name=SSH, [email protected], [email protected]]
logpath  = /var/log/secure

Once you have completed the configuration of the jail.conf file you will need to start fail2ban’s service:

service fail2ban start

You can test the rules per service using:

fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf

The defaults should work correctly for SSH but if they don’t, check out this article for more options.
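What the filter test and a jail's retry settings amount to, as an added Python example that is not fail2ban's code or part of the original post: a simplified stand-in pattern is run over constructed /var/log/secure lines, and hosts that reach maxretry failures within findtime seconds are reported with their ban window. The regex, sample log, addresses, year and the find_bans helper are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for the sshd filter's failregex (assumption, not fail2ban's own pattern).
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample of /var/log/secure lines (documentation addresses, not real hosts).
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar  3 10:00:04 web1 sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Mar  3 10:00:05 web1 sshd[2103]: Accepted password for deploy from 198.51.100.7 port 51000 ssh2
Mar  3 10:00:09 web1 sshd[2104]: Failed password for root from 192.0.2.10 port 40003 ssh2
Mar  3 10:02:00 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 41000 ssh2
Mar  3 10:20:00 web1 sshd[2106]: Failed password for root from 203.0.113.5 port 41001 ssh2
Mar  3 10:40:00 web1 sshd[2107]: Failed password for root from 203.0.113.5 port 41002 ssh2
"""


def find_bans(log_text, maxretry=3, findtime=600, bantime=3600, year=2011):
    """Return {host: (ban_start, ban_end)} for hosts with maxretry failures inside findtime seconds."""
    recent = defaultdict(deque)  # host -> timestamps of failures still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if not m:
            continue  # line does not match the pattern, so it is not counted
        host = m.group("host")
        # syslog timestamps carry no year, so the caller supplies one (constructed value here)
        ts = datetime.strptime("%d %s" % (year, m.group("ts")), "%Y %b %d %H:%M:%S")
        window = recent[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # drop failures older than findtime
        if len(window) >= maxretry and host not in bans:
            bans[host] = (ts, ts + timedelta(seconds=bantime))
    return bans


if __name__ == "__main__":
    for host, (start, end) in sorted(find_bans(SAMPLE_LOG).items()):
        print("%s banned %s -> %s" % (host, start, end))
```

The host at 203.0.113.5 fails three times but 18 and 20 minutes apart, so it is only reported when findtime is raised to cover that spacing.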

Search this site for information on setting up Fail2Ban for Asterisk, Courier-IMAP, Horde and other Linux services.

10 Replies to “Install Fail2Ban on CentOS 5.5”

  1. I have a question: say I wanted to use fail2ban to protect Plesk via the login panel found via 8443 or 8880 ports. Would this be possible? How would I go about doing so?

  2. I’ve not found a way to do this yet but suspect it would be possible by parsing Plesk’s login / authentication logs.

  3. How would one configure this to allow ssh on an alternate port versus the default 22?

  4. Adjust /etc/fail2ban/jail.conf to suit, example – if your SSH daemon is on port 22 and 8899:

    [ssh-iptables]
    enabled = true
    filter = sshd
    action = iptables-multiport[name=SSH, port="22,8899", protocol=tcp]
             sendmail-whois[name=SSH, [email protected]]
    logpath = /var/log/secure
    maxretry = 5
    bantime = 3600
