Linux Tutorials for Beginners

How To Secure SSH with Fail2Ban on Rocky Linux 9

sammbysamm
October 29, 2023

When it comes to securing your Rocky Linux 9 server, one of the essential aspects is protecting your SSH access. Fail2Ban is a powerful tool that can help you achieve this. In this article, we’ll guide you through securing SSH with Fail2Ban on Rocky Linux 9.

Table of Contents

  • Introducing Fail2Ban
  • Understanding the Importance of Security
  • What is Fail2Ban?
  • Prerequisites
  • Secure SSH with Fail2Ban
    • Step 1: SSH into Your Server
    • Step 2: Keep Your System Updated
    • Step 3: Install Fail2Ban
    • Step 4: Configuration
    • Step 5: Restart Fail2Ban
  • How Fail2Ban Works
  • Additional Security Measures
  • Conclusion

Introducing Fail2Ban

Fail2Ban is a robust intrusion prevention tool that acts as a virtual security guard for your server. It works by continuously monitoring your server’s log files and responding to suspicious login attempts. When it detects multiple failed login attempts from the same IP address, it temporarily bans that address, preventing further access. Fail2Ban plays a pivotal role in protecting your server against unauthorized access.

Understanding the Importance of Security

Before we dive into the technical details of SSH security and Fail2Ban, let’s grasp why it’s crucial to fortify your Rocky Linux 9 server against unauthorized access. When unauthorized individuals gain access to your server, they can potentially compromise your data, breach your security, and cause harm to your digital assets. Therefore, setting up security measures is vital.

What is Fail2Ban?

Fail2Ban is a robust intrusion prevention tool that can protect your server by monitoring and reacting to unauthorized login attempts. It scans log files and bans IP addresses that show suspicious activities. This tool acts as a virtual security guard, preventing unauthorized access to your server.

Prerequisites

Before we dive into how to secure SSH with Fail2Ban on Rocky Linux 9, make sure you have the following:

  • An active Rocky Linux 9 server and a regular user with sudo privileges. If you’re unsure about how to create a user with these privileges, feel free to check out our guide on Initial Setup Rocky Linux 9 Server: Secure and Efficient.
  • If you’d like to test the ban functionality intentionally, you may also want to have a second server ready to connect to your primary server.

Secure SSH with Fail2Ban

Now that we understand the importance of server security and the role of Fail2Ban, let’s get started with the installation and configuration process.

Step 1: SSH into Your Server

The first step is to SSH into your Rocky Linux 9 server. This requires basic knowledge of working with the command line. If you’re unfamiliar with SSH, don’t worry; we’ll guide you through this process step by step.

To begin, open your terminal and use the following command:

$ ssh your_username@your_server_ip

Replace your_username with your server’s username and your_server_ip with your server’s IP address.

Step 2: Keep Your System Updated

Before proceeding with any installation, it’s essential to ensure your system is up to date. You can do this by running the following command:

$ sudo dnf -y update

Step 3: Install Fail2Ban

Now, it’s time to install Fail2Ban on your Rocky Linux 9 server. Use the following commands:

$ sudo dnf install epel-release
$ sudo dnf install fail2ban

The first command installs the EPEL repository, which contains Fail2Ban, and the second command installs Fail2Ban itself.

After installation, Fail2Ban will automatically establish a background service. Nevertheless, it remains disabled by default due to the possibility of certain default settings causing unintended consequences. You can confirm this status by employing the systemctl command.

$ systemctl status fail2ban.service
Output
○ fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
     Active: inactive (dead)
       Docs: man:fail2ban(1)

Step 4: Configuration

The fail2ban service keeps its configuration files in the /etc/fail2ban directory. There is a file with defaults called jail.conf. Go to that directory and print the first 20 lines of that file using head -20:

$ cd /etc/fail2ban
$ head -20 jail.conf
Output
#
# WARNING: heavily refactored in 0.9.0 release.  Please review and
#          customize settings for your setup.
#
# Changes:  in most of the cases you should not modify this
#           file, but provide customizations in jail.local file,
#           or separate .conf files under jail.d/ directory, e.g.:
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwritten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]

As you peruse this file, you’ll notice that the initial lines are commented out, marked with # symbols, indicating they serve as documentation rather than actual settings. Furthermore, these comments advise against direct modifications to this file. Instead, you have two alternatives at your disposal: either fashion individual profiles for Fail2Ban within various files in the jail.d/ directory or compile and store all your local configurations in a jail.local file. The jail.conf file will undergo periodic updates as Fail2Ban receives updates, remaining a source of default settings in cases where you haven’t created any custom overrides.

For this guide, you will be creating the jail.local file. To do so, simply duplicate jail.conf:

$ sudo cp jail.conf jail.local

Now you can begin making configuration changes. Open the file in vi or your favorite text editor:

$ sudo vi jail.local

[DEFAULT]
findtime = 10m
maxretry = 5
destemail = root@localhost
sender = root@<fq-hostname>
mta = sendmail
action = %(action_)s

…
# ban & send an e-mail with whois report to the destemail.
action_mw = %(action_)s
            %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(action_)s
             %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]

# See the IMPORTANT note in action.d/xarf-login-attack for when to use this action
#
# ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines
# to the destemail.
action_xarf = %(action_)s
             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]

# ban IP on CloudFlare & send an e-mail with whois report and relevant log lines
# to the destemail.
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
…

These edits change three settings: they establish a fresh default ban duration for all services, confirm the use of iptables for firewall configuration, and activate the sshd jail.
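The three settings named above do not appear in the excerpt, so here is an added example (not from the original page) of a minimal jail.local that sets them, together with a simplified reader that resolves the effective value the way the override order described earlier works: jail.local over jail.conf, and a jail's own section over [DEFAULT]. The jail.conf contents are a constructed stand-in, bantime = 1h is an example value the page does not state, iptables-multiport is assumed as the iptables ban action, and effective_setting and show are hypothetical helper names.

```shell
#!/bin/sh
# effective_setting JAIL KEY FILE...
# FILEs are given in the order Fail2Ban reads them (jail.conf, then jail.local).
# A later file overrides an earlier one; a key in [JAIL] overrides [DEFAULT].
# Simplified reader: %(name)s interpolation and multi-line values are ignored.
effective_setting() {
  jail=$1 key=$2; shift 2
  awk -v jail="[$jail]" -v key="$key" '
    FNR == 1 { section = "" }                 # new file: no section yet
    /^[ \t]*([#;]|$)/ { next }                # comment or blank line
    /^\[.*\][ \t]*$/ { sub(/[ \t]+$/, ""); section = $0; next }
    /^[ \t]/ { next }                         # continuation of a multi-line value
    {
      eq = index($0, "="); if (!eq) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k != key) next
      if (section == jail) { jv = v; jset = 1 }
      else if (section == "[DEFAULT]") { dv = v; dset = 1 }
    }
    END { if (jset) print jv; else if (dset) print dv; else exit 1 }' "$@"
}

# Work in a scratch directory so nothing under /etc/fail2ban is touched.
conf_dir=$(mktemp -d)

# Constructed stand-in for the packaged defaults.
cat > "$conf_dir/jail.conf" <<'EOF'
[DEFAULT]
bantime = 10m
findtime = 10m
maxretry = 5
enabled = false

[sshd]
port = ssh
EOF

# Minimal override holding only the three settings the tutorial names.
cat > "$conf_dir/jail.local" <<'EOF'
[DEFAULT]
# example ban duration; the page does not state a value
bantime = 1h
banaction = iptables-multiport

[sshd]
enabled = true
EOF

show() { effective_setting "$1" "$2" "$conf_dir/jail.conf" "$conf_dir/jail.local"; }

for k in bantime findtime maxretry banaction enabled; do
  printf 'sshd %-9s = %s\n' "$k" "$(show sshd "$k")"
done
```

After restarting the service, `sudo fail2ban-client get sshd bantime` reports the value Fail2Ban actually loaded, in seconds.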

Step 5: Restart Fail2Ban

After making these adjustments, save the file and exit. In vi, type :wq and press Enter; if you’re using nano, press Ctrl-X to exit, ‘y’ to save, and then Enter to confirm the filename. With these changes saved, you can proceed to restart the Fail2Ban service using systemctl.

$ sudo systemctl restart fail2ban

The systemctl command should complete its execution silently. To confirm that the service is up and running, you can employ the fail2ban-client.

$ sudo fail2ban-client status
Output
Status
|- Number of jail:      1
`- Jail list:   sshd

You can also get more detailed information about a specific jail:

$ sudo fail2ban-client status sshd
Output
Status for the jail: sshd
|- Filter
|  |- Currently failed: 2
|  |- Total failed:     4
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 1
   |- Total banned:     1
   `- Banned IP list:   103.213.215.89

How Fail2Ban Works

Now that you’ve set up Fail2Ban, let’s understand how it works to secure your Rocky Linux 9 server.

Fail2Ban continuously scans log files, such as /var/log/secure, for suspicious login attempts. When it detects multiple failed login attempts from the same IP address, it temporarily bans that IP address. The banned IP address is prevented from connecting to your server for a predefined duration. This simple yet effective process ensures that unauthorized login attempts are thwarted, enhancing the security of your server.
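To make the counting rule concrete, the following added example (not Fail2Ban's own code and not from the original page) applies a sliding window with the findtime = 10m and maxretry = 5 values from Step 4 to a constructed log sample. The function names and the log lines are assumptions made for illustration; timestamps are assumed to fall on a single day.

```shell
#!/bin/sh
# Constructed sample in the style of sshd entries in /var/log/secure.
# All addresses come from the reserved documentation ranges.
sample_log() {
cat <<'EOF'
Oct 29 10:00:01 srv sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Oct 29 10:00:05 srv sshd[2102]: Failed password for invalid user admin from 198.51.100.23 port 51200 ssh2
Oct 29 10:00:09 srv sshd[2103]: Failed password for root from 203.0.113.7 port 40002 ssh2
Oct 29 10:01:30 srv sshd[2104]: Failed password for root from 203.0.113.7 port 40003 ssh2
Oct 29 10:02:00 srv sshd[2105]: Failed password for alice from 192.0.2.50 port 60100 ssh2
Oct 29 10:02:10 srv sshd[2105]: Accepted password for alice from 192.0.2.50 port 60100 ssh2
Oct 29 10:03:15 srv sshd[2106]: Failed password for root from 203.0.113.7 port 40004 ssh2
Oct 29 10:04:00 srv sshd[2107]: Failed password for invalid user admin from 198.51.100.23 port 51201 ssh2
Oct 29 10:04:40 srv sshd[2108]: Failed password for root from 203.0.113.7 port 40005 ssh2
Oct 29 10:04:41 srv sshd[2109]: Failed password for root from 203.0.113.7 port 40006 ssh2
Oct 29 10:08:00 srv sshd[2110]: Failed password for invalid user admin from 198.51.100.23 port 51202 ssh2
Oct 29 10:11:00 srv sshd[2111]: Failed password for invalid user admin from 198.51.100.23 port 51203 ssh2
Oct 29 10:14:30 srv sshd[2112]: Failed password for invalid user admin from 198.51.100.23 port 51204 ssh2
EOF
}

# detect_bans FINDTIME_SECONDS MAXRETRY   (log lines on stdin)
# Prints "<ip> <time>" when an address reaches MAXRETRY failed logins
# inside a sliding window of FINDTIME seconds.
detect_bans() {
  awk -v findtime="$1" -v maxretry="$2" '
    / sshd\[[0-9]+\]: Failed password for / {
      # Take the address from the fixed tail "from <ip> port <n> ssh2",
      # so a user name that contains the word "from" cannot shift it.
      if ($(NF-4) != "from" || $(NF-2) != "port") next
      ip = $(NF-3)
      if (ip in banned) next
      split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
      n = ++count[ip]; seen[ip, n] = now
      # Forget failures that have fallen out of the window.
      while (first[ip] + 0 < n && now - seen[ip, first[ip] + 1] > findtime)
        first[ip]++
      if (n - first[ip] >= maxretry) { banned[ip] = 1; print ip, $3 }
    }'
}

# findtime = 10m (600 s), maxretry = 5, as in the jail.local excerpt.
sample_log | detect_bans 600 5
```

With these values only 203.0.113.7 is reported: 198.51.100.23 also fails five times, but never five times within any ten-minute span, and widening the window to 900 seconds reports it too.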

Additional Security Measures

While Fail2Ban is an excellent tool for securing your Rocky Linux 9 server, it’s always a good practice to implement additional security measures. Here are some suggestions:

  1. Use Strong Passwords: Ensure that your server users have strong, unique passwords.
  2. Disable Root Login: Disable direct root login and use sudo privileges for administrative tasks.
  3. Update Regularly: Keep your system and software up to date to patch known vulnerabilities.
  4. Firewall Rules: Implement firewall rules to restrict access to your server.
  5. Two-Factor Authentication (2FA): Consider enabling 2FA for SSH access, adding an extra layer of security.

Conclusion

In this comprehensive guide, we’ve walked you through the process of securing your Rocky Linux 9 server with Fail2Ban. We’ve kept the wording simple to make the setup process easier to follow. By following these steps and implementing additional security measures, you can protect your server from unauthorized access and ensure the safety of your data and resources.

Security is an ongoing process, so be sure to regularly monitor and update your security measures to stay one step ahead of potential threats. Your Rocky Linux 9 server will thank you for it!

You have now learned how to secure SSH with Fail2Ban, bolster your server’s security, and keep your data safe on Rocky Linux 9.

© 2023 sammlinux - Learn Today for Lead Tomorrow.
