billysoftacademy.com

Using Fail2Ban to secure SSH server on Fedora 34 or newer

Introduction

Fail2ban is an open-source intrusion-prevention tool that adds firewall rules to reject offending IP addresses for a specified period. It is written in Python and is designed to protect servers from brute-force attacks. Fail2ban continuously monitors system logs and scans them for entries that match known failure patterns. When a matching pattern is found, Fail2ban blocks the offending IP address for a specified amount of time. In this tutorial, you will learn how to install Fail2ban to protect the SSH server on Fedora 34 or newer.

Requirements

The following is a list of items needed to complete the installation successfully:
1) A computer with 4GB RAM, a dual-core processor and 50GB of free disk space
2) An SSH client such as PuTTY or the macOS terminal app
3) Cloud Servers: A public static IPv4 or IPv6 address
4) A fully qualified domain name pointing to the IP address of the Fedora 34 server
5) A stable internet connection.

Overview

The following is an overview of the steps covered in this guide:
1) Update the system
2) Download and install Fail2Ban
3) Configure Fail2Ban
4) Test the Fail2Ban configuration
5) Conclusion and next steps

Step 1: Update the system

To update Fedora, you can use the built-in package manager called DNF (Dandified Yum). Here are the steps:

1. Open your terminal by pressing “Ctrl + Alt + T” on your keyboard.
2. Type the following command and hit enter to update your package repository information:
   sudo dnf update
3. If there are any updates available, you will be prompted to confirm the installation. Type “y” and hit enter to start the update process.
4. Wait for the updates to download and install. This may take some time depending on the number and size of the updates.
5. Once the updates are installed, restart your computer to apply any system-wide changes.

That’s it! Your Fedora system is now up to date.

Step 2: Download and install Fail2Ban

Fail2ban is included in the Fedora default repository. To install it, you can run the following command:
dnf install fail2ban -y
After installing Fail2ban, start and enable the Fail2ban service by running the following commands:
systemctl start fail2ban
systemctl enable fail2ban

Step 3: Configure Fail2Ban

To configure Fail2ban for SSH service, you will need to create a configuration file. To create it, enter the following command into the terminal:
nano /etc/fail2ban/jail.local
In the file, add the following lines:
[DEFAULT]
ignoreip = your-server-ip
bantime = 300
findtime = 300
maxretry = 3
banaction = iptables-multiport
backend = systemd

[sshd]
enabled = true
Save and close the file. Then, restart the Fail2ban service with the following command:
systemctl restart fail2ban
You can also check the status of Fail2ban with the command:
systemctl status fail2ban
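
How findtime, maxretry, bantime and ignoreip from the jail.local above interact can be seen by replaying log lines through a small model of the counting rule. This is an added example, not code from the original tutorial or from Fail2ban itself; the function name simulate, the simplified regular expression, the ignored address 192.0.2.10 and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FINDTIME = BANTIME = timedelta(seconds=300)  # findtime and bantime from jail.local
MAXRETRY = 3                                 # maxretry from jail.local
IGNOREIP = {"192.0.2.10"}  # assumption: stands in for "your-server-ip"

# Simplified pattern (assumption); Fail2ban's own sshd filter matches many more messages.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
Jun  1 10:00:00 fedora sshd[1001]: Failed password for root from 203.0.113.5 port 40122 ssh2
Jun  1 10:00:05 fedora sshd[1002]: Failed password for admin from 198.51.100.7 port 51000 ssh2
Jun  1 10:00:20 fedora sshd[1003]: Failed password for invalid user test from 203.0.113.5 port 40130 ssh2
Jun  1 10:00:30 fedora sshd[1004]: Failed password for root from 192.0.2.10 port 2200 ssh2
Jun  1 10:00:31 fedora sshd[1005]: Failed password for root from 192.0.2.10 port 2201 ssh2
Jun  1 10:00:32 fedora sshd[1006]: Failed password for root from 192.0.2.10 port 2202 ssh2
Jun  1 10:00:40 fedora sshd[1007]: Failed password for root from 203.0.113.5 port 40140 ssh2
Jun  1 10:03:00 fedora sshd[1008]: Failed password for admin from 198.51.100.7 port 51010 ssh2
Jun  1 10:06:00 fedora sshd[1009]: Failed password for admin from 198.51.100.7 port 51020 ssh2
Jun  1 10:06:10 fedora sshd[1010]: Accepted password for alice from 198.51.100.7 port 51030 ssh2
"""

def simulate(log, year=2024):
    """Return [(ip, ban_start, ban_end)] as the findtime/maxretry window would decide."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # not an authentication failure
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in IGNOREIP or banned_until.get(ip, ts) > ts:
            continue  # listed in ignoreip, or already banned at this time
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

Only 203.0.113.5 is banned: the address in ignoreip is never counted, and the three failures from 198.51.100.7 span more than findtime, so they never add up to maxretry, which is the trade-off to keep in mind when tuning these values.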

Step 4: Test the Fail2Ban configuration

The final step is testing the configuration. First, check that the SSH jail has been added by running the command
fail2ban-client status
The output should show the status of the jail and the jail list. To test the Fail2ban setup, try to connect to your SSH server remotely from any machine with an incorrect password three times. After three failed attempts, you will be blocked from authentication for five minutes. To check the IP address blocked by Fail2ban, run the command
fail2ban-client status sshd
on your SSH server. The output should display the jail’s status, including the filter, actions, and the banned IP address list. If you want to check the log file for any blocked IPs, use the command
grep 'Failed password' /var/log/secure | tail -5
The output will show the failed login attempts along with the IP address. If you want to unblock any blocked IP address, run the command
fail2ban-client set sshd unbanip 190.1.81.12
You can also block an IP address again using the command
fail2ban-client set sshd banip 190.1.81.12

Conclusion and next steps

In conclusion, Fail2ban is a powerful tool that can significantly improve the security of your SSH server on Fedora 34 or newer by protecting it from brute-force attacks. By following the steps outlined in this tutorial, you can easily install, configure, and test Fail2ban to secure your server. Remember to keep Fail2ban updated and adjust the configuration according to your specific needs. Here are some additional steps you may consider to further enhance your server’s security:

1) Implement strong passwords: Enforce complex and unique passwords for all SSH user accounts.
2) Regularly update your system: Keep Fedora up to date with the latest security patches.
3) Monitor your logs: Regularly review your system logs for any suspicious activity.

By following these practices, you can create a more robust security posture for your SSH server.