@nayo
Created October 28, 2024 21:09

Fail2Ban Configuration for AlmaLinux

Step 1: Update Your System

First, ensure your system is up-to-date:

sudo dnf update -y

Step 2: Install Fail2Ban

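Fail2Ban is packaged in the EPEL repository rather than the AlmaLinux base repositories, so enable EPEL first and then install Fail2Ban:

sudo dnf install epel-release -y
sudo dnf install fail2ban -y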

Step 3: Enable and Start Fail2Ban Service

After installation, enable and start the Fail2Ban service:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Step 4: Configure Fail2Ban

The main configuration file is located at /etc/fail2ban/jail.conf. Package updates may overwrite jail.conf, and settings in jail.local override it, so it's best practice to copy this file to jail.local for customization:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Open jail.local with your preferred text editor:

sudo nano /etc/fail2ban/jail.local

Step 5: Configure Jails

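Inside jail.local, you can enable and configure jails. The [DEFAULT] section holds general settings that apply to every jail unless the jail overrides them. Keep comments on their own lines: Fail2Ban treats # as a comment only at the start of a line, so a trailing # comment would become part of the value.

[DEFAULT]
# Whitelisted IP addresses
ignoreip = 127.0.0.1/8
# Ban duration (10 minutes)
bantime  = 10m
# Time frame to find failures
findtime = 10m
# Number of failures before a ban
maxretry = 5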

Next, you can enable specific services (jails) such as SSH. Look for the [sshd] section and configure it as follows:

[sshd]
enabled = true

Step 6: Restart Fail2Ban

After making your changes, restart the Fail2Ban service to apply the new configuration:

sudo systemctl restart fail2ban

Step 7: Check Fail2Ban Status

To check the status of Fail2Ban and see if it’s active, run:

sudo systemctl status fail2ban

You can also list the jails that are currently active:

sudo fail2ban-client status

To check the status of a specific jail (e.g., SSH), use:

sudo fail2ban-client status sshd

Step 8: Monitor Fail2Ban Logs

To monitor what Fail2Ban is doing, you can check the log file located at:

/var/log/fail2ban.log

Conclusion

You have successfully configured Fail2Ban on AlmaLinux. This should help protect your server from unauthorized access attempts. Adjust the configurations as necessary based on your specific use cases and security needs.
