How To Secure SSH with Fail2Ban on CentOS 7

Samuel Siahaan
By Samuel Siahaan

CentOS 7 is a popular choice for hosting servers, but it’s essential to ensure the security of your server, especially when it comes to SSH access. One effective method to protect your CentOS 7 server from unauthorized access is by setting up Fail2Ban. In this step-by-step guide, we will explain the process of How To Secure SSH with Fail2Ban on CentOS 7

Contents
Table of ContentsUnderstanding the Need for SecurityWhat is Fail2Ban?PrerequisitesSecure SSH with Fail2BanStep 1: SSH into Your ServerStep 2: Update Your SystemStep 3: Install Fail2BanStep 4: ConfigurationStep 5: Restart Fail2BanHow Fail2Ban WorksAdditional Security MeasuresConclusion

Table of Contents

Understanding the Need for Security

Before we delve into the setup process, it’s crucial to understand why securing your CentOS 7 server is so important. Unauthorized access to your server can lead to data breaches, system compromises, and potential damage to your digital assets. Therefore, setting up security measures is paramount.

What is Fail2Ban?

Fail2Ban is a robust intrusion prevention tool that can protect your server by monitoring and reacting to unauthorized login attempts. It scans log files and bans IP addresses that show suspicious activities. This tool acts as a virtual security guard, preventing unauthorized access to your server.

Prerequisites

Before we dive into how to protect and Secure SSH with Fail2Ban on CentOS 7, make sure you have the following:

- Advertisement -
  • An active CentOS 7 server and a regular user with sudo privileges. If you’re unsure about how to create a user with these privileges, feel free to check out our guide on Initial Setup CentOS 7 Server: Secure and Efficient.
  • If you’d like to test the ban functionality intentionally, you may also want to have a second server ready to connect to your primary server.

Secure SSH with Fail2Ban

Now that we understand the importance of server security and the role of Fail2Ban, let’s get started with the installation and configuration process.

Step 1: SSH into Your Server

The first step is to SSH into your CentOS 7 server. This requires basic knowledge of working with the command line. If you’re unfamiliar with SSH, don’t worry; we’ll guide you through this process step by step.

To begin, open your terminal and use the following command:

$ ssh your_username@your_server_ip

Replace your_username with your server’s username and your_server_ip with your server’s IP address.

Step 2: Update Your System

Before proceeding with any installation, it’s essential to ensure your system is up to date. You can do this by running the following commands:

- Advertisement - 
$ sudo yum -y update

Step 3: Install Fail2Ban

Now, it’s time to install Fail2Ban on your CentOS 7 server. Use the following command:

$ sudo yum install epel-release
$ sudo yum install fail2ban

The first command installs the EPEL repository, which contains Fail2Ban, and the second command installs Fail2Ban itself.

Step 4: Configuration

The Fail2Ban service stores its configuration files in the /etc/fail2ban directory. In this directory, you’ll discover a file with default settings named jail.conf. It’s important to note that this file might get overwritten during package upgrades, so it’s not advisable to make direct edits. Instead, we will create a new file called jail.local. Any values you define in jail.local will take precedence over those in jail.conf.

- Advertisement -

Inside jail.conf, you’ll find a [DEFAULT] section, followed by sections for individual services. jail.local has the authority to override any of these values. Additionally, there is the possibility of further customization using files in /etc/fail2ban/jail.d/. These files are applied in the following sequence:

  • /etc/fail2ban/jail.conf
  • /etc/fail2ban/jail.d/*.conf, arranged alphabetically
  • /etc/fail2ban/jail.local
  • /etc/fail2ban/jail.d/*.local, sorted alphabetically

It’s worth mentioning that any file can incorporate a [DEFAULT] section, which is executed first, and may also include sections for individual jails. Keep in mind that the last value assigned to a specific parameter will take precedence.

Now, let’s kickstart the process by creating a simplified version of jail.local. To edit the jail.local file, you can use the following command:

$ sudo nano /etc/fail2ban/jail.local

Paste the following:

[DEFAULT]
# Ban hosts for one hour:
bantime = 3600

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true

This action results in the modification of three settings: it establishes a fresh default ban duration for all services, confirms the utilization of iptables for firewall configuration, and activates the sshd jail.

Step 5: Restart Fail2Ban

After making these adjustments, exit and save the new file. If you’re using nano, simply press Ctrl-X to exit, ‘y’ to save, and then press Enter to confirm the filename. With these changes saved, you can proceed to restart the Fail2Ban service using systemctl.

$ sudo systemctl restart fail2ban

The systemctl command should complete its execution silently. To confirm that the service is up and running, you can employ the fail2ban-client.

$ sudo fail2ban-client status
Output
Status
|- Number of jail:      1
`- Jail list:   sshd

You can also get more detailed information about a specific jail:

$ sudo fail2ban-client status sshd

How Fail2Ban Works

Now that you’ve set up Fail2Ban, let’s understand how it works to secure your CentOS 7 server.

Fail2Ban continuously scans log files, such as /var/log/secure, for suspicious login attempts. When it detects multiple failed login attempts from the same IP address, it temporarily bans that IP address. The banned IP address is prevented from connecting to your server for a predefined duration.

This simple yet effective process ensures that unauthorized login attempts are thwarted, enhancing the security of your server.

Additional Security Measures

While Fail2Ban is an excellent tool for securing your CentOS 7 server, it’s always a good practice to implement additional security measures. Here are some suggestions:

  1. Use Strong Passwords: Ensure that your server users have strong, unique passwords.
  2. Disable Root Login: Disable direct root login and use sudo privileges for administrative tasks.
  3. Update Regularly: Keep your system and software up to date to patch known vulnerabilities.
  4. Firewall Rules: Implement firewall rules to restrict access to your server.
  5. Two-Factor Authentication (2FA): Consider enabling 2FA for SSH access, adding an extra layer of security.

Conclusion

In this comprehensive guide, we’ve walked you through the process of securing your CentOS 7 server with Fail2Ban. We’ve used familiar words and essential transition words to make the setup process easier to understand. By following these steps and implementing additional security measures, you can protect your server from unauthorized access and ensure the safety of your data and resources.

Security is an ongoing process, so be sure to regularly monitor and update your security measures to stay one step ahead of potential threats. Your CentOS 7 server will thank you for it!

Also Read Our Other Guides :

Finally, now you have learned how to protect and Secure SSH with Fail2Ban, bolster your server’s security, and keep your data safe on CentOS 7.

TAGGED:
Share This Article
Previous Article How To Secure SSH with Fail2Ban on Debian 11
Next Article How To Secure SSH with Fail2Ban on Rocky Linux 9
Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

How To Install and Secure phpMyAdmin on Ubuntu 22.04
Ubuntu
Install and Configure Docker Swarm Mode on Centos 7
CentOS
How To Install and Config Thumbor on Debian 10
Debian
How To Install MariaDB 10.6 on Debian 11 Server
Debian
How To Install MongoDB 6.0 on Debian 10 & 11
Debian

You Might Also Like