fail2ban centos

Various malicious bots or human-attackers may be trying to get access to your server over SSH. In this article I will explain how to secure your server against SSH brute-force attacks with fail2ban on CentOS.

If you are looking for instructions for Ubuntu, Debian or Linux Mint, see my other post.

fail2ban is a special software that is installed on a server to block intruders’ IP addresses after exceeding configured amount of failed login attempts.

fail2ban SSH on CentOS

Installation and configuration of fail2ban for SSH is very simple.

First we have to install required fail2ban packages:

yum install fail2ban fail2ban-systemd

Next, create /etc/fail2ban/jail.local file and put the following content inside:

[DEFAULT]
banaction = iptables-multiport
bantime = 86400 # bans IP address for 24h, specified in seconds

[sshd]
enabled = true

Save the file and then execute systemctl start fail2ban . That’s it, you have installed, configured and started fail2ban SSH protection!

Don’t forget to make fail2ban to start at boot time with following command (thanks Chris for reminding me about that!):

systemctl enable fail2ban