How to install fail2ban on Fedora 33 for protection against unwanted logins

Jack Wallen shows you how to install and configure fail2ban on the latest release of Fedora Linux.

Since IBM/Red Hat has decided to ring the death knell for the CentOS we know and love, many of you might be considering making the switch to Fedora or Fedora Server. Because of that, you might want to know how to get a crucial system like fail2ban installed and running.

For those who might not know, fail2ban is one of the most popular open source tools for banning unwanted logins on a Linux system. Fail2ban monitors specific log files for failed login attempts and, when an attempt to compromise is detected, it blocks the IP address from further attacks or login attempts.

This tool should be considered a must-have for anyone who administers a Linux server or even desktop.

I want to walk you through the process of installing and configuring fail2ban on the latest release of Fedora.

What you’ll need

  • A running instance of either Fedora 33 desktop or server
  • A user account with sudo privileges

How to install fail2ban

To install fail2ban on Fedora, you must first add the EPEL repository with the command:

sudo dnf install epel-release -y

Once this completes, install fail2ban with the command:

sudo dnf install fail2ban -y

When the installation finishes, start and enable fail2ban with the commands:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

How to configure fail2ban

Fail2ban configurations are contained within jail files, which are housed in /etc/fail2ban. We’re going to create a new jail.local file that will watch for SSH login attempts. Create this new file with the command:

sudo nano /etc/fail2ban/jail.local

If the nano editor isn’t installed, install it with the command:

sudo dnf install nano -y

In the new jail.local file, add the following contents:

[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

Save and close the file.
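
A jail that reads from a log file depends on its logpath existing on the host, so it is worth checking every enabled jail before restarting the service. The shell functions below are an added example, not part of the original article or of fail2ban itself; the function names are hypothetical, and they assume one literal path per logpath line (as in the file above) and a file-based rather than journal-based jail.

```shell
#!/bin/sh
# Added example: flag enabled jails whose logpath is missing or unreadable.
# Assumption: one literal path per "logpath" line; %(...)s interpolation,
# globs and journal-backed jails are not handled.

# Print "jail<TAB>logpath" for every enabled section that sets a logpath.
enabled_jail_logpaths() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        function emit() { if (jail != "" && enabled && path != "") print jail "\t" path }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[.*\][ \t\r]*$/ {                  # a new [section] starts
            emit()
            jail = trim($0); gsub(/^\[|\]$/, "", jail)
            enabled = 0; path = ""
            next
        }
        /=/ {                                       # key = value
            key = trim(substr($0, 1, index($0, "=") - 1))
            val = trim(substr($0, index($0, "=") + 1))
            if (key == "enabled") enabled = (tolower(val) ~ /^(true|yes|on|1)$/)
            if (key == "logpath") path = val
        }
        END { emit() }
    ' "$1"
}

# Print one line per enabled jail with a missing logpath; return 1 if any.
check_jail_logpaths() {
    missing=0
    tab=$(printf '\t')
    while IFS="$tab" read -r jail path; do
        [ -n "$jail" ] || continue                  # no enabled jails found
        if [ ! -r "$path" ]; then
            echo "jail [$jail]: logpath $path not found or unreadable"
            missing=1
        fi
    done <<EOF
$(enabled_jail_logpaths "$1")
EOF
    return "$missing"
}
```

Run `check_jail_logpaths /etc/fail2ban/jail.local` with sudo privileges; no output and a zero exit status mean every enabled jail points at a readable log file.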

With the new jail configuration in place, restart fail2ban with the command:

sudo systemctl restart fail2ban

How to test fail2ban

The easiest way to test fail2ban is to attempt to log in using SSH from another machine on your network. Type the password incorrectly three times. Once your third attempt fails, the IP address of the machine you’re testing from will be banned. Attempt to Secure Shell into the Fedora machine again and you’ll immediately be denied.

Once you’ve successfully tested the system, you can unban the test IP address with the command:

sudo fail2ban-client set sshd unbanip IP

Where IP is the IP address of the machine you want to unban.

And that’s all there is to installing and configuring fail2ban on Fedora 33. You should consider this a must-use tool to ensure the security of your Linux systems.
