How to Install and Configure Fail2Ban on AlmaLinux

Published Dec 17, 2023

Secure your AlmaLinux server! Learn to install and configure Fail2Ban, a powerful tool that guards against unauthorized access.

Strengthen the security of your AlmaLinux server with Fail2Ban, a robust tool that guards against unauthorized access by monitoring system logs and thwarting suspicious activities.

Installing Fail2Ban

Start by updating your system, then install the EPEL repository and Fail2Ban:

sudo dnf update -y && sudo dnf install epel-release -y
sudo dnf install fail2ban -y

(Optional) If you would like email support, install Sendmail:

sudo dnf install sendmail -y

Start and Enable Fail2Ban

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

Configuring Fail2Ban

fail2ban.conf contains the default configuration profile. The default settings give you a reasonable working setup. If you want to make any changes, it’s best to do it in a separate file, fail2ban.local, which overrides fail2ban.conf.

  1. Copy fail2ban.conf to fail2ban.local:
sudo cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local

The values that can be changed are:

  • loglevel: The level of detail that Fail2ban’s logs provide
  • logtarget: Logs actions into a specific file
  • socket: The location of the socket file
  • pidfile: The location of the PID file

  2. Edit the jail configuration file and change the backend:
sudo nano /etc/fail2ban/jail.local

Change the backend option to systemd:

backend = systemd

  3. Define Custom Jails

Customize jails for specific services by adding entries:

[sshd]
enabled = true
port = ssh
filter = sshd

  4. Configure the ban action:

[DEFAULT]
banaction = iptables-multiport

Monitor Fail2Ban Status

sudo fail2ban-client status
sudo fail2ban-client status sshd

Monitor log files:

sudo tail -f /var/log/fail2ban.log
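
To review ban activity without watching the log live, the following added example (not from the original article) condenses the Ban and Unban lines of fail2ban.log into one line per jail and IP. It assumes Fail2Ban's default log line layout; the function names f2b_sample_log and f2b_ban_summary and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Constructed sample lines in the default fail2ban.log layout (documentation IPs).
f2b_sample_log() {
    cat <<'EOF'
2023-12-17 10:15:01,123 fail2ban.filter         [1234]: INFO    [sshd] Found 203.0.113.5 - 2023-12-17 10:15:01
2023-12-17 10:15:02,456 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 203.0.113.5
2023-12-17 10:25:02,789 fail2ban.actions        [1234]: NOTICE  [sshd] Unban 203.0.113.5
2023-12-17 11:02:10,001 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 203.0.113.5
2023-12-17 11:03:44,210 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 198.51.100.7
2023-12-17 11:13:44,300 fail2ban.actions        [1234]: NOTICE  [sshd] Unban 198.51.100.7
EOF
}

# Read log lines from stdin or from the files given as arguments and print
# one line per jail/IP: "<jail> <ip> bans=<count> state=<banned|released>".
f2b_ban_summary() {
    awk '
        /fail2ban\.actions/ {
            for (i = 2; i < NF; i++) {
                if ($i != "Ban" && $i != "Unban") continue
                j = i - 1
                if ($j == "Restore") j--         # "Restore Ban" is logged on restart
                jail = $j
                if (jail !~ /^\[.*\]$/) continue # not an action line we understand
                jail = substr(jail, 2, length(jail) - 2)
                key = jail " " $(i + 1)
                if ($i == "Ban") { bans[key]++; active[key] = 1 }
                else             { active[key] = 0 }
                break
            }
        }
        END {
            # IPs whose Ban line was rotated out of the log are not listed.
            for (k in bans)
                printf "%s bans=%d state=%s\n", k, bans[k], (active[k] ? "banned" : "released")
        }
    ' "$@" | sort
}

# Demo on the constructed sample; on a server use:
#   sudo cat /var/log/fail2ban.log | f2b_ban_summary
f2b_sample_log | f2b_ban_summary
```

An address that shows several bans in a short period is a candidate for a longer ban time or a permanent firewall rule.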

Troubleshooting

Check Service Status

sudo systemctl status fail2ban

Restart Fail2Ban

sudo systemctl restart fail2ban

View Banned IPs

sudo fail2ban-client status sshd

Unban an IP Address

sudo fail2ban-client set sshd unbanip IP_ADDRESS

Best Practices

  1. Regular Monitoring: Check logs frequently for security events
  2. Custom Filters: Create filters for specific applications
  3. Email Notifications: Configure email alerts for bans
  4. Backup Configuration: Save your custom configurations
  5. Update Regularly: Keep Fail2Ban updated for the latest security features

Conclusion

By implementing Fail2Ban on AlmaLinux, you establish a resilient defense against malicious activities. Regular monitoring and fine-tuning of settings will help you adapt to evolving security needs and maintain a robust server environment.