How To Install Fail2Ban on AlmaLinux 9

In this tutorial, we will show you how to install Fail2Ban on AlmaLinux 9. Fail2Ban is an intrusion prevention tool that scans log files for suspicious activity, such as repeated failed login attempts, and bans the offending IP addresses. This proactive defense thwarts brute-force attacks and discourages malicious entities from targeting your server.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and, most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add 'sudo' to the commands to get root privileges. I will show you the step-by-step installation of Fail2Ban on AlmaLinux 9. You can follow the same instructions for CentOS, Rocky Linux, or other RHEL-based distributions.

Prerequisites

  • A server running one of the following operating systems: AlmaLinux 9.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for Fail2Ban.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Fail2Ban on AlmaLinux 9

Step 1. Before diving into the installation process, ensure your AlmaLinux 9 system is up-to-date. Run the following command in your terminal:

sudo dnf update

Step 2. Installing Fail2Ban on AlmaLinux 9.

  • Method 1: Using EPEL Repository.

First, enable the EPEL repository by running the following command as root:

sudo dnf install epel-release

Install Fail2Ban by running the following command as root:

sudo dnf install fail2ban

Start the Fail2Ban service and enable it to start automatically at boot time by running the following commands as root:

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

Verify that Fail2Ban is running by checking its status:

sudo systemctl status fail2ban

If Fail2Ban is running, you should see output similar to the following:

● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2023-08-21 10:00:00 EDT; 1h ago
Process: 1234 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=0/SUCCESS)
Main PID: 1235 (fail2ban-server)
Tasks: 1 (limit: 4915)
Memory: 10.0M
CPU: 1.234s
CGroup: /system.slice/fail2ban.service
└─1235 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

  • Method 2: Compiling from Source

If you prefer to compile Fail2Ban from the source, you can follow these steps:

Install the required dependencies by running the following command as root:

sudo dnf install gcc python3-devel

Next, download the Fail2Ban source code from the project's GitHub repository:

wget https://github.com/fail2ban/fail2ban/archive/0.11.2.tar.gz

Extract the source code:

tar xzf 0.11.2.tar.gz

Change to the extracted directory:

cd fail2ban-0.11.2

Run the following commands to compile Fail2Ban and install it as root:

python3 setup.py build
sudo python3 setup.py install

Start the Fail2Ban service and enable it to start automatically at boot time by running the following commands as root:

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

Verify that Fail2Ban is running by checking its status:

sudo systemctl status fail2ban

If Fail2Ban is running, you should see output similar to the following:

● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2023-08-21 10:00:00 EDT; 1h ago
Process: 1234 ExecStart=/usr/bin/fail2ban-server -xf start (code=exited, status=0/SUCCESS)
Main PID: 1235 (fail2ban-server)
Tasks: 1 (limit: 4915)
Memory: 10.0M
CPU: 1.234s
CGroup: /system.slice/fail2ban.service
└─1235 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Step 3. Configure Fail2Ban.

Fail2Ban’s potency lies in its tailored configuration, allowing you to customize its behavior to match your server’s unique requirements.

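  1. Locating the Configuration File:

Create or open the local override file /etc/fail2ban/jail.local to commence customization. Settings in this file take precedence over the packaged /etc/fail2ban/jail.conf, which package updates may overwrite:

sudo nano /etc/fail2ban/jail.local

  2. Understanding Configuration Parameters:

  • Setting Ban Time and Findtime:

Specify bantime (duration of the IP ban, in seconds) and findtime (the time frame, in seconds, within which repeated failed attempts are counted). Values meant for every jail go in the [DEFAULT] section:

bantime = 3600
findtime = 600

  • Specifying Maximum Retry Attempts:

Define the maximum number of failed attempts within findtime before a ban is imposed:

maxretry = 5

  • Defining Action on Ban:

Determine the action Fail2Ban takes upon detecting a ban-worthy incident. The example below blocks the offending address with iptables; other actions can also, for example, send an email notification:

action = iptables[name=SSH, port=ssh, protocol=tcp]

  3. Customizing Jails for Specific Services:

Tailor Fail2Ban’s protection to key services on your server. A section name must match a jail defined in jail.conf; the stock jails for Apache and Sendmail authentication failures are named apache-auth and sendmail-auth:

  • SSH Access:

[sshd]
enabled = true

  • Apache Web Server:

[apache-auth]
enabled = true

  • Email Services (Postfix, Sendmail):

[postfix]
enabled = true
[sendmail-auth]
enabled = true

  4. Enabling and Disabling Jails: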

Fine-tune your jail selection based on your server’s services. To enable or disable a jail, modify the enabled parameter accordingly.
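
To see how bantime, findtime and maxretry interact, the following Python sketch (an added example, not Fail2Ban's own code) reads a constructed jail.local and applies a simplified ban model to constructed sshd log lines. The function names, the log line format and the documentation-range IP addresses are assumptions made for the illustration.

```python
import configparser
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed jail.local: [DEFAULT] values are inherited by every jail section.
JAIL_LOCAL = """
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5
[sshd]
enabled = true
"""
FAIL_RE = re.compile(r"^(\S+ \S+) sshd\[\d+\]: Failed password for .* from (\S+) port")

def sample_log():
    """Constructed sshd lines: a fast guesser (30 s gaps) and a slow one (180 s)."""
    start = datetime(2023, 8, 21, 10, 0, 0)
    return sorted(
        f"{start + timedelta(seconds=i * gap):%Y-%m-%d %H:%M:%S} sshd[1234]: "
        f"Failed password for root from {ip} port 40000 ssh2"
        for ip, gap in (("203.0.113.7", 30), ("198.51.100.9", 180))
        for i in range(5))

def simulate(jail, log_lines, config_text=JAIL_LOCAL):
    """Simplified ban model; returns {ip: (ban_start, ban_end)} for one jail."""
    cfg = configparser.ConfigParser()
    cfg.read_string(config_text)
    if not cfg.getboolean(jail, "enabled", fallback=False):
        return {}                           # jail missing or disabled: no bans
    bantime = timedelta(seconds=cfg.getint(jail, "bantime"))
    findtime = timedelta(seconds=cfg.getint(jail, "findtime"))
    maxretry = cfg.getint(jail, "maxretry")
    failures, bans = defaultdict(deque), {}
    for line in log_lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)
        if ip in bans and ts < bans[ip][1]:
            continue                        # already banned, firewall drops it
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > findtime:    # forget failures older than findtime
            recent.popleft()
        if len(recent) >= maxretry:         # threshold reached inside the window
            bans[ip] = (ts, ts + bantime)
            recent.clear()
    return bans
```

With the tutorial's values, only the client that fails five times within two minutes is banned; the client that spaces its five failures over twelve minutes never has five inside one 600-second window, which is the trade-off to weigh when choosing findtime and maxretry.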

Congratulations! You have successfully installed Fail2Ban. Thanks for using this tutorial for installing Fail2Ban on your AlmaLinux 9 system. For additional help or useful information, we recommend you check the official Fail2Ban website.


r00t
