This is a how-to on installing Fail2Ban on CentOS 7. Fail2Ban is an incredibly useful, and often necessary, package that will automatically block IP addresses attempting to brute-force attack your server(s). For instance, with Fail2Ban installed, if an IP address attempts to brute-force the login for user “root” on your server, once a certain number of attempted logins is reached within a designated time period, Fail2Ban will automatically insert an iptables rule into your firewall to block all access from that IP address for a specified period of time. Of course, you set all of these variables in the configuration file, which I’ll go into later on.
I have yet to have a public-facing server be online more than a day before a brute-force attack of some sort is encountered. The best practice is to use secure passwords, with upper case, lower case, numbers and a few symbols. Never use dictionary-based passwords. With effective, secure passwords it would take a very, very long time to gain access to a server by means of brute force, but it is possible. Regardless, it’s best to block these attacks from the beginning. It is all automated with Fail2Ban.
This guide assumes you have a CentOS 7 installation and have run yum update. It requires that you have root SSH access to the server.
First, you need to install the EPEL repository. Fail2Ban is not available from the standard CentOS repositories.
cd /tmp
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/epel-release-7-5.noarch.rpm