How to install fail2ban?

[madhura]

Hello,
I would like to install fail2ban on my server but it was not in Epel depo and in repoforge the fail2bans' package is not compatible with systemD and FirewallD. While how can I install it from source?

Thanks.

[screwballl]

Git would be next best way until EPEL updates their repos.

https://github.com/fail2ban/fail2ban

[gareththered]

You can install it from Fedora 20's repo:

Code: Select all

wget http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/fedora/linux/updates/20/x86_64/fail2ban-0.9-2.fc20.noarch.rpm
su -c "yum install fail2ban-0.9-2.fc20.noarch.rpm

It will pull in some dependencies, but not ipset. So:

Code: Select all

su -c "yum install ipset"

Next create a new jail.local file and enable sshd:

Code: Select all

su -c "vi /etc/fail2ban/jail.local"

Add the following lines:

Code: Select all

[sshd]
enable = true
action = firewallcmd-ipset

Start it with:

Code: Select all

su -c "systemctl start fail2ban"

Monitor it with:

Code: Select all

su -c "tail -f /var/log/fail2ban.log"

You should get an entry in the log every time you unsuccessfully try to connect. If you fail too many times, you'll get a message telling you that the client has been banned:

Code: Select all

2014-07-20 10:15:09,134 fail2ban.server.filter[9944]: INFO    [sshd] Found xx.xx.7.133
2014-07-20 10:15:09,136 fail2ban.server.filter[9944]: INFO    [sshd] Found xx.xx.7.133
2014-07-20 10:15:09,138 fail2ban.server.filter[9944]: INFO    [sshd] Found xx.xx.7.133
2014-07-20 10:15:09,960 fail2ban.server.actions[9944]: NOTICE  [sshd] Ban xx.xx.7.133
2014-07-20 10:25:10,694 fail2ban.server.actions[9944]: NOTICE  [sshd] Unban xx.xx.7.133

If everything works fine, make fail2ban start at boot with:

Code: Select all

su -c "systemctl enable fail2ban"

[avij]

fail2ban is now included in EPEL7.

[sadue]

gareththered

Thanks for the tutorial. But in the tutorial, you did not specify how many times an IP will be recorded as an offended IP before it banned it. How do I go about it?

fail2ban is now included in EPEL7.

Going through the link, they said,

Description of problem: fail2ban is currently available on epel6 but is missing from epel7


Version-Release number of selected component (if applicable):


How reproducible: package is not available on epel7, making impossible to 'yum install' it


Steps to Reproduce:
1. install OS
2. install epel7
3. yum install fail2ban # fails

Actual results: fails to install


Expected results: should install as it does in epel6


Additional info:

Does it mean that, it is not yet available?
This forum post was created on 2014, and the installation instruction by gareththeredwas also given at 2014, is it still followed till now, 2016?

[TrevorH]

It's now in EPEL so you don't need to get foreign rpms from Fedora repos. Just yum --enablerepo=extras install epel-release then yum list fail2ban\* and pick the packages you want to install.

[sadue]

After adding the following lines of code,

Add the following lines:
CODE: SELECT ALL
[sshd]
enable = true
action = firewallcmd-ipset

fail2ban refused to restart with the following error report

~]# systemctl restart fail2ban.service
Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.
[root@server2 ~]# systemctl status fail2ban.service

to debug this, I ran the following as instructed in the error report

Code: Select all

systemctl status fail2ban.service

then the following report was generated

~]# systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Mon 2016-01-25 11:49:25 EST; 28s ago
Docs: man:fail2ban(1)
Process: 20274 ExecStop=/usr/bin/fail2ban-client stop (code=exited, status=0/SUCCESS)
Process: 20284 ExecStart=/usr/bin/fail2ban-client -x start (code=exited, status=255)
Main PID: 20139 (code=exited, status=0/SUCCESS)

Jan 25 11:49:25 server2.myclasslist.org systemd[1]: fail2ban.service: control...
Jan 25 11:49:25 server2.myclasslist.org systemd[1]: Failed to start Fail2Ban ...
Jan 25 11:49:25 server2.myclasslist.org systemd[1]: Unit fail2ban.service ent...
Jan 25 11:49:25 server2.myclasslist.org systemd[1]: fail2ban.service failed.
Jan 25 11:49:25 server2.myclasslist.org systemd[1]: fail2ban.service holdoff ...
Jan 25 11:49:25 server2.myclasslist.org systemd[1]: start request repeated to...
Jan 25 11:49:25 server2.myclasslist.org systemd[1]: Failed to start Fail2Ban ...
Jan 25 11:49:25 server2.myclasslist.org systemd[1]: Unit fail2ban.service ent...
Jan 25 11:49:25 server2.myclasslist.org systemd[1]: fail2ban.service failed.

Any better idea on what I did not do right and what exactly to do?

[Blisk]

I have the same problem

# systemctl restart fail2ban.service
Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.

[mghe]

For ver 0.9.x

After install make file

# vim /etc/fail2ban/jail.d/sshd.local

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 5
bantime = 86400


or (iptables)


[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = %(sshd_log)s
maxretry = 5
bantime = 86400

[maszd]

For ver 0.9.x

After install make file

# vim /etc/fail2ban/jail.d/sshd.local

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 5
bantime = 86400


or (iptables)


[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = %(sshd_log)s
maxretry = 5
bantime = 86400

thank you