How To Install Fail2ban on Fedora 38

In this tutorial, we will show you how to install Fail2ban on Fedora 38. For those of you who didn’t know, Fail2ban is a log-parsing application that scans log files for specific patterns and bans IP addresses that exhibit suspicious behavior. It works by monitoring system logs, such as authentication logs, and dynamically updates firewall rules to block malicious IP addresses. Fail2ban helps protect your system from brute-force attacks, DDoS attempts, and other malicious activities.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to prefix the commands with ‘sudo’ to get root privileges. I will show you the step-by-step installation of Fail2ban on Fedora 38.

Features of Fail2ban

  • Dynamic Firewall Rules: Fail2ban automatically updates firewall rules to block malicious IP addresses.
  • Customizable Filters: You can create custom filters to detect specific patterns in log files.
  • Flexible Actions: Fail2ban offers various actions to respond to detected threats, such as banning IP addresses, sending email notifications, or executing custom scripts.
  • IP Whitelisting: You can whitelist trusted IP addresses to ensure they are not blocked.
  • Logging and Reporting: Fail2ban provides detailed logs, allowing you to monitor and analyze detected threats.

Prerequisites

  • A server running Fedora 38.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for Fail2ban.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Fail2ban on Fedora 38

Step 1. Before we can install Fail2ban on Fedora 38, it’s important to ensure that our system is up-to-date with the latest packages. This will ensure that we have access to the latest features and bug fixes and that we can install Fail2ban without any issues:

sudo dnf upgrade --refresh

Step 2. Installing Fail2ban on Fedora 38.

By default, Fail2ban is available in the Fedora 38 base repository. Installing Fail2ban on Fedora 38 is straightforward using the DNF package manager. Execute the following command in the terminal:

sudo dnf install fail2ban

Enter your password when prompted and wait for the installation to finish.

Step 3. Configuring Fail2ban.

Fail2ban’s main configuration file is located at /etc/fail2ban/jail.conf. You can customize the configuration by creating an override file named /etc/fail2ban/jail.local. Open the file using the nano text editor:

sudo nano /etc/fail2ban/jail.local

In this file, you can modify settings such as the ban time, log file paths, and email notifications. Save the changes and exit the text editor.

Step 4. Managing Fail2ban

  • Basic Fail2ban Configuration

Fail2ban has several configuration options that you can modify to suit your needs. Some key configurations include:

  • bantime: Specifies the duration (in seconds) for which an IP address is banned. The default value is 600 seconds (10 minutes).
  • maxretry: Defines the maximum number of failed attempts allowed before an IP address is banned.
  • findtime: Sets the time window (in seconds) in which the maxretry limit is considered. If the number of failed attempts exceeds maxretry within this time frame, the IP address is banned.

Make sure to restart Fail2ban after making any changes to the configuration:

sudo systemctl restart fail2ban

  • Viewing Fail2ban Logs

Fail2ban keeps detailed logs of its activities, which can be helpful for monitoring and troubleshooting. The log is written to /var/log/fail2ban.log. You can follow it using the following command:

sudo tail -f /var/log/fail2ban.log

This command will display the latest log entries in real-time. Press Ctrl+C to exit the log viewer.
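To go from a live tail to a summary, the Ban and Unban entries in the log can be reduced to the set of addresses still banned and a per-address ban count. This is an added example, not part of the original tutorial; the function names and the sample log lines are constructed, and the field positions assume the default log layout.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# Assumes the usual fail2ban.log layout: date, time, component, [pid]:,
# level, [jail], then a message that ends with the IP address.

# sample_log: constructed log lines, for demonstration only.
sample_log() {
    cat <<'EOF'
2023-06-01 10:15:32,101 fail2ban.filter         [1234]: INFO    [sshd] Found 203.0.113.7 - 2023-06-01 10:15:32
2023-06-01 10:15:40,555 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 203.0.113.7
2023-06-01 10:20:02,310 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 198.51.100.23
2023-06-01 10:25:40,601 fail2ban.actions        [1234]: NOTICE  [sshd] Unban 203.0.113.7
2023-06-01 11:02:11,007 fail2ban.actions        [1234]: NOTICE  [sshd] Ban 203.0.113.7
2023-06-01 11:40:00,120 fail2ban.actions        [1234]: NOTICE  [sshd] Unban 198.51.100.23
EOF
}

# active_bans LOGFILE: print "jail ip" for each Ban with no later Unban.
# "Restore Ban" lines (bans replayed after a restart) also count as active.
active_bans() {
    awk '$3 == "fail2ban.actions" {
        jail = substr($6, 2, length($6) - 2)      # strip the [ ] around the jail
        key = jail " " $NF
        if ($(NF-1) == "Ban")   active[key] = 1
        if ($(NF-1) == "Unban") delete active[key]
    }
    END { for (k in active) print k }' "$1" | sort
}

# ban_counts LOGFILE: print "count ip", most frequently banned first.
# Replayed "Restore Ban" lines are not counted as new bans.
ban_counts() {
    awk '$3 == "fail2ban.actions" && $(NF-1) == "Ban" && $(NF-2) != "Restore" {
        n[$NF]++
    }
    END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a server pass /var/log/fail2ban.log.
tmp=$(mktemp) && sample_log > "$tmp" && active_bans "$tmp" && ban_counts "$tmp"
rm -f "$tmp"
```

An address that keeps reappearing in the ban counts is a candidate for a longer bantime. The functions only see the file they are given, so rotated logs need to be passed separately.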

  • Customizing Fail2ban Filters and Actions

Fail2ban provides pre-defined filters for common services, but you can also create custom filters to match specific log patterns. Custom filters are defined in separate files located in the /etc/fail2ban/filter.d/ directory. You can create or modify filters using a text editor.

Additionally, Fail2ban supports various actions, such as banning IP addresses, sending email notifications, or executing custom scripts. You can customize these actions in the Fail2ban configuration file.

Step 5. Testing Fail2ban.

  • Triggering a Ban

To test if Fail2ban is functioning correctly, you can intentionally trigger a ban by generating failed login attempts. For example, you can use SSH to simulate failed authentication by entering an incorrect password multiple times. After a certain number of failed attempts (as configured in Fail2ban), your IP address should be temporarily banned.

  • Monitoring Banned IP Addresses

You can monitor the IP addresses that Fail2ban has banned using the following command:

sudo fail2ban-client status

This command lists the active jails. To see the IP addresses a particular jail has currently banned, pass the jail name (for example, sshd) as an extra argument.

Step 6. Fine-tuning Fail2ban.

  • Adjusting Ban Time and Thresholds

The default ban time and threshold values may not be suitable for all scenarios. Depending on your specific requirements, you may need to adjust the ban time and thresholds to strike a balance between security and convenience. Experiment with different values to find the optimal configuration for your system.

  • Whitelisting IP Addresses

Fail2ban allows you to whitelist specific IP addresses to ensure they are not mistakenly banned. You can add IP addresses to the whitelist by modifying the Fail2ban configuration file and adding them to the ignoreip directive.
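A minimal jail.local that puts the bantime, findtime and maxretry settings from Step 4 together with the ignoreip whitelist, written and sanity-checked from the shell. This is an added example, not part of the original tutorial; the function names, the 192.0.2.10 admin address, the chosen values and the backend = systemd line are assumptions to adapt.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Values are illustrative.

# write_jail_local PATH [TRUSTED_IP]: create the override file.
write_jail_local() {
    trusted=${2:-192.0.2.10}   # constructed address; use your own admin IP
    cat > "$1" <<EOF
[DEFAULT]
# Never ban loopback or the trusted admin address.
ignoreip = 127.0.0.1/8 ::1 $trusted
# Ban for 1 hour after 5 failures within 10 minutes (values in seconds).
bantime = 3600
findtime = 600
maxretry = 5

[sshd]
# A jail does nothing until it is enabled.
enabled = true
# Assumption: sshd logs to the systemd journal on this host.
backend = systemd
EOF
}

# conf_get PATH KEY: print the first value assigned to KEY.
conf_get() {
    awk -F'=' -v k="$2" '$1 ~ "^" k "[ \t]*$" {
        v = $2; sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v); print v; exit
    }' "$1"
}

# check_jail_local PATH: catch mistakes that silently weaken the setup.
# Accepts plain numbers only, matching the seconds-based values used here.
check_jail_local() {
    for key in bantime findtime maxretry; do
        case $(conf_get "$1" "$key") in
            ''|*[!0-9]*) echo "$key: missing or not a plain number" >&2; return 1 ;;
        esac
    done
    case " $(conf_get "$1" ignoreip) " in
        *" 0.0.0.0/0 "*|*" ::/0 "*) echo "ignoreip exempts every address" >&2; return 1 ;;
    esac
    grep -Eq '^enabled[[:space:]]*=[[:space:]]*true' "$1" ||
        { echo "no jail is enabled" >&2; return 1; }
}

# On the server, as root:
#   write_jail_local /etc/fail2ban/jail.local 192.0.2.10
#   check_jail_local /etc/fail2ban/jail.local && systemctl restart fail2ban
```

The restart in the tutorial applies the file but does not make the service start at boot; `sudo systemctl enable --now fail2ban` does both.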

Congratulations! You have successfully installed Fail2ban. Thanks for using this tutorial for installing Fail2ban on your Fedora 38 system. For additional help or useful information, we recommend you check the official Fail2ban website.

r00t