• WordPress
  • cPanel
  • Softaculous
  • KVM Virtualization
  • Vmware Virtualization
  • Proxmox
Friday, May 23, 2025
LinuxBoost
  • Home
  • Almalinux
  • CentOS
  • Debian
  • Fedora
  • Ubuntu
  • Red Hat Enterprise Linux
  • Rocky Linux
  • OpenSUSE
  • Arch Linux
  • Oracle Linux
No Result
View All Result
LinuxBoost
  • Home
  • Almalinux
  • CentOS
  • Debian
  • Fedora
  • Ubuntu
  • Red Hat Enterprise Linux
  • Rocky Linux
  • OpenSUSE
  • Arch Linux
  • Oracle Linux
LinuxBoost
  • Home
  • Almalinux
  • CentOS
  • Debian
  • Fedora
  • Ubuntu
  • Red Hat Enterprise Linux
  • Rocky Linux
  • OpenSUSE
  • Arch Linux
  • Oracle Linux

How to Install and Configure Fail2Ban on Rocky Linux

in Linux OS, Red Hat Enterprise Linux, Rocky Linux
How to Install and Configure Fail2Ban on Rocky Linux

Fail2Ban is an essential tool for enhancing the security of your Rocky Linux server. It works by monitoring log files and identifying patterns indicative of intrusion attempts or suspicious behavior. Upon detecting a pattern, Fail2Ban actively bans the responsible IP address, thwarting any additional malicious attempts. In this guide, we will walk you through the process of how to install and configure Fail2Ban on your Rocky Linux server.

How to Install and Configure Fail2Ban on Rocky Linux

Prerequisites

Before we begin, make sure your Rocky Linux server is up-to-date by running the following command:

sudo dnf update -y

Install Fail2Ban on Rocky Linux

To install Fail2Ban on your Rocky Linux server, run the following command:

sudo dnf install fail2ban -y
Install Fail2Ban on Rocky Linux

Enable and Start the Fail2Ban Service on Rocky Linux

Once installed, enable and start the Fail2Ban service using these commands:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Create a Custom Configuration File

To configure Fail2Ban, you will need to create a custom configuration file. This will prevent your changes from being overwritten during updates. To do this, create a new file named jail.local in the /etc/fail2ban/ directory:

sudo touch /etc/fail2ban/jail.local

Open the file with your favorite text editor (we will use nano in this example):

sudo nano /etc/fail2ban/jail.local

Now, let’s create a basic configuration for Fail2Ban. Copy and paste the following content into the jail.local file:

[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true

Here’s a breakdown of the configuration:

  • ignoreip: A list of IP addresses that Fail2Ban will not ban. In this case, we are ignoring the localhost IP range.
  • bantime: The ban time, specified in seconds, determines the duration an IP address will remain banned. In this example, the ban time is set to 1 hour (3600 seconds).
  • findtime: The time window (in seconds) within which Fail2Ban will count failed login attempts. In this example, the find time is set to 10 minutes (600 seconds).
  • maxretry: The maximum number of failed login attempts allowed within the findtime window before an IP address is banned. In this example, the maximum number of retries is set to 5.
  • [sshd]: This section enables Fail2Ban for the SSH service.

Save and close the file.

Restart the Fail2Ban Service on Rocky Linux

To apply the changes made to the configuration, restart the Fail2Ban service:

sudo systemctl restart fail2ban

Check the Fail2Ban Status on Linux

To confirm that Fail2Ban is working and protecting your server, run the following command:

sudo fail2ban-client status

You should see output similar to this:

Status
|- Number of jail:	1
`- Jail list:	sshd

This indicates that Fail2Ban is monitoring the SSH service.

Configure Firewall (Optional)

If you’re using a firewall like Firewalld or iptables, you should open the necessary ports to allow Fail2Ban to function properly. In most cases, the default SSH port (22) should be open, but you may need to open other ports depending on the services you want to protect.

For Firewalld, use the following commands:

sudo firewall-cmd --permanent --add-port=22/tcp
sudo firewall-cmd --reload

For iptables, use these commands:

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo service iptables save

Note: Replace 22 with the appropriate port number if you’re using a custom SSH port or protecting other services.

Test Fail2Ban on Rocky Linux

To ensure Fail2Ban is functioning correctly, you can simulate a failed login attempt by purposely entering an incorrect password for an SSH connection. After multiple failed attempts (as specified in the maxretry setting), the IP address should be banned.

Use the following command to verify whether an IP address has been banned:

sudo fail2ban-client status sshd

Keep Fail2Ban Up-to-Date

Regularly updating your system ensures that Fail2Ban receives the latest security updates and improvements. To update Fail2Ban on Rocky Linux, run the following command:

sudo dnf update fail2ban

Conclusion

By following these steps, you have successfully installed and configured Fail2Ban on your Rocky Linux system. Fail2Ban is a powerful tool that helps protect your server from malicious login attempts and other security threats. By customizing the configuration files and keeping Fail2Ban up-to-date, you can maintain a secure server environment.

For further reading, explore other security tools and practices for Rocky Linux, such as SELinux, Nagios, or Zabbix.

ShareTweet
Previous Post

How to Install and Configure Prometheus on Rocky Linux

Next Post

How to Install SVN on Rocky Linux

Related Posts

How to Install and Configure OpenVAS on Rocky Linux

How to Install and Configure OpenVAS on Rocky Linux

How to Install and Configure Nikto on Rocky Linux

How to Install and Configure Nikto on Rocky Linux

Set up FreeIPA on Rocky Linux

How to Install and Configure FreeIPA on Rocky Linux

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Golden Host VPS
  • Privacy Policy
  • Terms and Conditions
  • About Us
  • Contact Us

Copyright © 2023 linuxboost.com All Rights Reserved.

  • Privacy Policy
  • Terms and Conditions
  • About Us
  • Contact Us

Copyright © 2023 linuxboost.com All Rights Reserved.