How to Install and Configure Fail2Ban in AlmaLinux 9

September 20, 2023
Fail2ban is a free, open-source intrusion prevention system used to protect servers against brute-force attacks. Fail2ban continuously monitors the SSH log files for authentication attempts and bans the client IP after a specified number of incorrect password attempts. It is also used for securing SSH, VSFTPD, Apache and Webmin. Today, we’ll learn how to install and configure Fail2ban in AlmaLinux 9.

Before starting the tutorial, ensure that your server is running AlmaLinux 9 & that you have root access to install and configure Fail2ban on it.

Step 01: Verify whether Firewalld is installed and enabled:

Firewalld is a Firewall management tool that comes pre-installed in AlmaLinux 9.

systemctl status firewalld

If your firewall is running, it’ll show “active (running)”; if it’s not running, it’ll show “inactive (dead)” on the Active line.

● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

To start the Firewall service, use the following command.

systemctl start firewalld

Now, recheck the status using the following command.

systemctl status firewalld

The Active line should now show “active (running)”.

Now, list all the services configured in the firewall using the following command:

firewall-cmd --list-all

The output will be like this:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0
  sources: 
  services: cockpit dhcp dhcpv6-client ftp https imap imaps pop3 pop3s smtp smtps ssh
  ports: 21/tcp 22/tcp 25/tcp 53/tcp 80/tcp 143/tcp 443/tcp 465/tcp 993/tcp 3306/tcp 53/udp 587/tcp
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Step 02: Install Fail2ban:

The Fail2Ban package is not available in AlmaLinux 9 repositories. So, we need to install this from the EPEL repository.

Use the following command to install the EPEL repository.

dnf install epel-release -y

After installing the EPEL repository, install Fail2Ban using the following command:

dnf install fail2ban fail2ban-firewalld -y

After installing the package, we need to activate & run it.

Step 03: Activate & Enable the Fail2Ban Package:

Using the following command, we can start Fail2Ban in AlmaLinux 9:

systemctl start fail2ban

Time to enable the Fail2Ban by using this command:

systemctl enable fail2ban

Time to check whether the Fail2Ban is enabled or not!

systemctl status fail2ban

The output will show like this:

 fail2ban.service - Fail2Ban Service
   Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2023-09-19 17:49:15 UTC; 12s ago
     Docs: man:fail2ban(1)
 Main PID: 306465 (fail2ban-server)
    Tasks: 3 (limit: 204279)
   Memory: 10.9M
   CGroup: /system.slice/fail2ban.service
           └─306465 /usr/bin/python3.6 -s /usr/bin/fail2ban-server -xf start

Step 03: Configure Fail2Ban

The main configuration file name is jail.conf for Fail2Ban & located at /etc/fail2ban/. To configure the Fail2Ban, we’ll need to use this file.

It’s always safe to keep a backup of the default file.

Using the following command, we’ll keep the default file as a backup file. The name of this file will be jail.conf.back.

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.back

As Fail2Ban uses the iptables firewall, we need to enable Firewalld support using the following command:

mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local

Now, we need to restart the Fail2Ban by using the following command:

systemctl restart fail2ban

Step 04: Secure SSH with Fail2Ban

Now, we need to configure Fail2Ban to block remote IPs. Here, we’ll create a jail configuration file to keep SSH secured using the following command:

Nano should be installed on your server. Otherwise, you may use vim.

nano /etc/fail2ban/jail.d/sshd.local

Add the following lines in it:

[sshd]
enabled = true
maxretry = 3
bantime = 3h

Here,

  • [sshd] is used to enable Fail2Ban for SSH.
  • enabled = true means this configuration is enabled.
  • maxretry = 3 means the system will block any IP after three incorrect attempts.
  • bantime = 3h means the blocked IP gets banned for 3 hours.
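
How maxretry = 3 plays out over log lines, as an added example that is not part of the original tutorial or Fail2Ban's own code. It is a simplified model: it only matches "Failed password" lines, the log lines are constructed, and the counting window (Fail2Ban's findtime setting, which the jail file above does not set) is passed in as an assumed 600 seconds.

```shell
#!/bin/sh
# Simplified model of the sshd jail decision (added example, not Fail2Ban code).

# would_ban MAXRETRY FINDTIME_SECONDS   (log lines on stdin)
# Prints each address that reaches MAXRETRY failures within FINDTIME_SECONDS.
would_ban() {
    awk -v maxretry="$1" -v findtime="$2" '
    $5 ~ /^sshd/ && /Failed password for / {
        # Field 3 is HH:MM:SS; the sample lines all fall on one day.
        split($3, hms, ":")
        now = hms[1] * 3600 + hms[2] * 60 + hms[3]
        # The source address is the word after the last "from".
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "" || (ip in banned)) next
        n = ++seen[ip]
        stamp[ip, n] = now
        # Count failures from this address that are still inside the window.
        hits = 0
        for (k = n; k >= 1; k--) {
            if (now - stamp[ip, k] > findtime) break
            hits++
        }
        if (hits >= maxretry) { banned[ip] = 1; print ip }
    }'
}

# Constructed sample log lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
Sep 19 17:40:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Sep 19 17:40:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Sep 19 17:40:04 host sshd[1003]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Sep 19 17:40:06 host sshd[1004]: Failed password for root from 203.0.113.5 port 40003 ssh2
Sep 19 17:55:10 host sshd[1005]: Failed password for alice from 198.51.100.7 port 51001 ssh2
Sep 19 18:10:30 host sshd[1006]: Failed password for alice from 198.51.100.7 port 51002 ssh2
Sep 19 18:10:31 host sshd[1007]: Accepted password for alice from 198.51.100.7 port 51003 ssh2
EOF
}

# Three failures in five seconds trip the jail; three spread over 30 minutes do not.
sample_log | would_ban 3 600
```

Raising the window to 3600 seconds would also ban 198.51.100.7, which is why maxretry should be read together with the window it is counted over.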

Now, we need to save the file using CTRL+O & Enter and close it using CTRL+X. Now, it is time to restart the Fail2Ban service.

systemctl restart fail2ban

We have to check whether Fail2Ban is configured using the following command:

fail2ban-client status 

The output should be:

Status
|- Number of jail:	1
`- Jail list:	sshd

Congratulations! We have successfully installed & configured Fail2Ban in AlmaLinux 9.

Some Useful Commands

To check banned IPs, use the following command:

fail2ban-client status sshd

Output:

|- Filter
|  |- Currently failed:	1
|  |- Total failed:	33
|  `- Journal matches:	_SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned:	3
   |- Total banned:	4
   `- Banned IP list:	95.214.55.115 114.241.102.79 218.92.0.102

To unban the IP Address, use the following command:

fail2ban-client unban <ip-address> 
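
A small helper for reading the sshd status output in scripts, for example to check whether your own administration address has been banned before unbanning it. This is an added example, not from the original tutorial; the function names and the sample addresses are constructed, and on a live host the input would come from fail2ban-client status sshd.

```shell
#!/bin/sh
# Helpers for "fail2ban-client status <jail>" output (added example).

# banned_ips: status output on stdin, one banned address per line on stdout.
banned_ips() {
    awk -F'Banned IP list:' 'NF > 1 {
        n = split($2, addr, /[ \t]+/)
        for (i = 1; i <= n; i++) if (addr[i] != "") print addr[i]
    }'
}

# is_banned ADDRESS: status output on stdin; exit 0 only on an exact match.
# -F and -x stop 198.51.100.7 from matching 198.51.100.70.
is_banned() {
    banned_ips | grep -Fxq -- "$1"
}

# currently_banned: the "Currently banned" counter as a bare number.
currently_banned() {
    sed -n 's/.*Currently banned:[[:space:]]*//p'
}

# Constructed sample in the same layout as the output above.
sample_status() {
    cat <<'EOF'
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     33
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 3
   |- Total banned:     4
   `- Banned IP list:   203.0.113.5 198.51.100.70 192.0.2.44
EOF
}

sample_status | banned_ips
# On a live host (run as root), for an address you administer from:
#   fail2ban-client status sshd | is_banned 192.0.2.10 && fail2ban-client unban 192.0.2.10
```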

NB. These commands can be used to install and configure Fail2Ban on any Red Hat Enterprise Linux (RHEL) based Linux distro.

Md Sohanur Rahman Sakib
