How to get fail2ban on your Rocky Linux and AlmaLinux – Guide
Fail2ban must be on each of your Linux servers. If you haven’t installed it on Rocky Linux or AlmaLinux yet, Jack Wallen is here to help you with that. Fail2ban is one of the first software I install on Linux servers. This service will help prevent unwanted logins by prohibiting nefarious IP addresses from accessing your server. Unlike installing fail2ban on Ubuntu servers, you need to take an extra step with RHEL based servers. I’ll walk you through exactly that, demonstrating the process that will help you install fail2ban on Rocky Linux or AlmaLinux. The process will install the fail2ban and firewalld package necessary to allow the service to run on systems.
what will you need
The only things you need to make this work are:
That’s it. Let’s go to work.
How to enable firewalld
Out of the box, firewalld may not be working. To fix this, open a terminal window on your server and issue the command: sudo systemctl start firewalld Then enable the firewall service to run at startup with: sudo systemctl enable firewalld
How to install fail2ban
Now we can install fail2ban and the firewalld package. Back in the terminal window, add the EPEL repository with the command: sudo dnf install epel-release -y Once the repository is added, install fail2ban and the firewalld component with: sudo dnf install fail2ban fail2ban-firewalld -y Start and enable fail2ban with commands; sudo systemctl start fail2ban sudo systemctl enable fail2ban
How to configure fail2ban
With fail2ban installed, it’s time to configure it. First, we need to create a copy of the default configuration file with the command: sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local Open this file for editing with the command: sudo nano /etc/fail2ban/jail.local In this file, look for the following options (in the [DEFAULT] section) and change them to reflect what you see below: bantime = 1h findtime = 1h maxretry = 5 Save and close the file. Next, we need to allow fail2ban to work with firewalld (instead of iptables) with the command: sudo mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local Restart fail2ban with: sudo systemctl restart fail2ban
How to create an SSH prison
Now let’s create a jail setup for the SSH server that will ban IP addresses for 1 day after 3 failed login attempts. Create the new configuration with the command: sudo nano /etc/fail2ban/jail.d/sshd.local Paste the following into this new file: [sshd] enabled = true bantime = 1d maxretry = 3 Save and close the file. Restart fail2ban: sudo systemctl restart fail2ban At this point, fail2ban is now protecting you from nefarious SSH connections. You can test it by trying to login with SSH using an incorrect password. After three attempts, you will be blocked for one day. If you get blocked, you can unban your IP address with the command: sudo fail2ban-client unban ADDRESS Where ADDRESS is the banned IP address. And that’s all there is to installing fail2ban on Rocky Linux or AlmaLinux. Enjoy that heightened sense of security (just don’t rely on fail2ban for all your security needs). From the news www.techrepublic.com
Final note
I hope you like the guide How to get fail2ban on your Rocky Linux and AlmaLinux. In case if you have any query regards this article you may ask us. Also, please share your love by sharing this article with your friends.
