Jack Wallen shows you how to install and configure fail2ban on the latest release of Fedora Linux.
Since IBM/Red Hat has decided to ring the death knell for the CentOS we know and love, many of you might be considering making the switch to Fedora or Fedora Server. Because of that, you might want to know how to get a crucial system like fail2ban installed and running.
For those that might not know, fail2ban is one of the most popular open source tools for the banning of unwanted logins on a Linux system. Fail2ban monitors specific log files for failed login attempts and, when an attempt to compromise is detected, it blocks the IP address from further attack or attempted logins.
This tool should be considered a must-have for anyone who administers a Linux server or even desktop.
I want to walk you through the process of installing and configuring fail2ban on the latest release of Fedora.
What you'll need
- A running instance of either Fedora 33 desktop or server
- A user account with sudo privileges
How to install fail2ban
To install fail2ban on Fedora, you must first add the EPEL repository with the command:
sudo dnf install epel-release -y
Once this completes, install fail2ban with the command:
sudo dnf install fail2ban -y
When the installation finishes, start and enable fail2ban with the commands:
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
How to configure fail2ban
Fail2ban configurations are contained within jail files, which are housed in /etc/fail2ban. We're going to create a new jail.local file that will watch for SSH login attempts. Create this new file with the command:
sudo nano /etc/fail2ban/jail.local
If the nano editor isn't installed, install it with the command:
sudo dnf install nano -y
In the new jail.local file, add the following contents:
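[sshd]
enabled = true
port = 22
filter = sshd
# On Fedora, rsyslog writes sshd authentication messages to /var/log/secure;
# /var/log/auth.log is the Debian/Ubuntu location.
logpath = /var/log/secure
maxretry = 3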
Save and close the file.
With the new jail configuration in place, restart fail2ban with the command:
sudo systemctl restart fail2ban
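A jail only works if its logpath points at a file that exists on the machine; with a file-based backend, fail2ban reports an error for that jail rather than watching it. The shell check below is an added example, not part of the original article: the function names are hypothetical, the sample jail file is constructed, and it assumes one literal logpath per jail.

```sh
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# Print "jail<TAB>logpath" for every section with enabled = true.
enabled_jail_logpaths() {
    awk '
        function emit() { if (jail != "" && jail != "DEFAULT" && on && path != "") print jail "\t" path }
        function value(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        /^[ \t]*[#;]/ { next }                        # comment line
        /^\[[^]]+\]/ { emit(); jail = substr($0, 2, index($0, "]") - 2); on = 0; path = ""; next }
        /^[ \t]*enabled[ \t]*=/ { v = tolower(value($0)); on = (v == "true" || v == "yes" || v == "1") }
        /^[ \t]*logpath[ \t]*=/ { path = value($0) }
        END { emit() }
    ' "$1"
}

# Report each enabled jail whose logpath is missing; return 1 if any is.
check_jail_logpaths() {
    missing=0
    tab=$(printf '\t')
    while IFS="$tab" read -r jail path; do
        [ -n "$jail" ] || continue
        case $path in *'%('*) continue ;; esac    # interpolated value, resolved by fail2ban
        if [ ! -e "$path" ]; then
            echo "jail [$jail]: logpath $path does not exist"
            missing=1
        fi
    done <<EOF
$(enabled_jail_logpaths "$1")
EOF
    return "$missing"
}

# Constructed sample: an [sshd] jail using the Debian/Ubuntu log location.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
EOF
check_jail_logpaths "$sample" || echo "correct the logpath before restarting fail2ban"
rm -f "$sample"
```

To check the real configuration, call check_jail_logpaths /etc/fail2ban/jail.local before restarting the service.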
How to test fail2ban
The easiest way to test fail2ban is to attempt to log in using SSH from another machine on your network. Type the password incorrectly three times. Once your third attempt fails, the IP address of the machine you're testing from will be banned. Attempt to Secure Shell into the Fedora machine again and you'll immediately be denied.
Once you've successfully tested the system, you can unban the test IP address with the command:
sudo fail2ban-client set sshd unbanip IP
Where IP is the IP address of the machine you want to unban.
And that's all there is to installing and configuring fail2ban on Fedora 33. You should consider this a must-use tool to ensure the security of your Linux systems.