How To Install Fail2ban on Fedora 37

In this tutorial, we will show you how to install Fail2ban on Fedora 37. For those of you who didn’t know, Fail2ban is an open-source intrusion prevention software that helps protect Linux servers from malicious login attempts and brute-force attacks. It works by scanning server logs and detecting any suspicious activity, such as repeated login attempts or unauthorized access attempts, and then blocks the offending IP address.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Fail2ban on a Fedora 37.

Prerequisites

• A server running one of the following operating systems: Fedora 37.
• It’s recommended that you use a fresh OS install to prevent any potential issues.
• SSH access to the server (or just open Terminal if you’re on a desktop).
• An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for Fail2ban.
• A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Fail2ban on Fedora 37

Step 1. Before proceeding, update your Fedora operating system to make sure all existing packages are up to date. Use this command to update the server packages:

sudo dnf upgrade
sudo dnf update

Step 2. Installing Fail2ban on Fedora 37.

By default, Fail2ban is available in the default repositories of Fedora 37, so you can install it using the dnf package manager. To install Fail2ban, run the following command below:

sudo dnf install fail2ban

After the installation is complete, we need to enable and start the Fail2ban service using the following commands:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Step 3. Configuring Fail2ban.

Fail2ban’s configuration file is located at /etc/fail2ban/jail.conf. However, it’s recommended to create a new configuration file instead of modifying the default one. We can do this by copying the default configuration file:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Next, open the Fail2ban configuration file with your favorite text editor:

nano /etc/fail2ban/jail.local

Find the [DEFAULT] section and set the ignoreip option to allow trusted IP addresses. This is useful if you want to whitelist certain IP addresses, such as your own:

ignoreip = 127.0.0.1/8 10.0.0.0/8 192.168.0.0/16

Find the [sshd] section and configure the settings to match the following:

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/secure
maxretry = 5

This configuration enables Fail2ban for the SSH service, sets the maximum number of login failures to 5, and uses the sshd filter to monitor the /var/log/secure log file for SSH login attempts.

Save and close the file, then restart the Fail2ban service by running the following command:

sudo systemctl restart fail2ban

Step 4. Testing Fail2ban.

To test if Fail2ban is working, you can intentionally fail to log in to your SSH service multiple times from a remote host. After the maximum number of login failures is reached, the offending IP address should be blocked by Fail2ban. You can check the status of Fail2ban by running the following command:

sudo fail2ban-client status

This will show you a summary of the current Fail2ban status, including the banned IP addresses.

Congratulations! You have successfully installed Fail2ban. Thanks for using this tutorial for installing Fail2ban on your Fedora 37 system. For additional help or useful information, we recommend you check the official Fail2ban website.