Fail2Ban on CentOS 7
From Kolmisoft Wiki
Description
Fail2ban behaves somewhat differently in MOR on CentOS 7, because a more recent fail2ban version (0.9.7) is used, as opposed to 0.8.4 in the CentOS 6 installation. One of the main differences between these versions is that on CentOS 7 fail2ban does not lose blocked IPs after a restart, as they are saved in a local fail2ban SQLite3 database.
Installation and Update
On CentOS 7, fail2ban installation and the latest configuration update can both be done with a single script, fail2ban_install_c7.sh:
/usr/src/mor/x13/helpers/fail2ban_install_c7.sh
This script will install fail2ban and/or update its configuration to the latest revision.
Usage
- To list active jails, use command fail2ban-client status
[root@localhost ~]# fail2ban-client status
Status
|- Number of jail: 7
`- Jail list: ast-cli-attack, ast-hgc-200, asterisk-iptables, asterisk-manager, mor_api, mor_ddos, ssh-iptables
[root@localhost ~]#
- To list more information for specific jails, use fail2ban-client status JAILNAME
[root@localhost ~]# fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- File list: /var/log/secure
`- Actions
   |- Currently banned: 0
   |- Total banned: 0
   `- Banned IP list:
- To unblock an IP from a fail2ban chain, use the command fail2ban-client set JAILNAME unbanip IPADDRESS. It is important to understand that JAILNAME is not the same as the fail2ban chain name in iptables -L output. In all fail2ban jails included in the default MOR installation, the jail name is the same as the jail definition, so you only need to remove the f2b- prefix from the chain name. In other words, if IP 12.23.44.55 is blocked under iptables chain f2b-ssh-iptables, then JAILNAME is ssh-iptables:
fail2ban-client set ssh-iptables unbanip 12.23.44.55
Important: If an IP is blocked by fail2ban and you unblock it using manual iptables commands, the IP will be blocked again after fail2ban restarts. To permanently unblock the IP, use the command above.
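The chain-to-jail mapping described above can be scripted when an IP is banned in several jails at once. This is an added example, not part of the MOR scripts: the function names jails_for_ip and unban_commands are hypothetical, the rule listing is a constructed sample, and it assumes every chain is named f2b- plus the jail name, as the page states for the default MOR jails. It only prints the unban commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Constructed sample of `iptables -S` output (not captured from a real host).
SAMPLE_RULES='-N f2b-ssh-iptables
-N f2b-mor_api
-N f2b-asterisk-iptables
-A INPUT -p tcp -m tcp --dport 22 -j f2b-ssh-iptables
-A f2b-ssh-iptables -s 12.23.44.55/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-ssh-iptables -j RETURN
-A f2b-mor_api -s 12.23.44.55/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-mor_api -j RETURN
-A f2b-asterisk-iptables -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-asterisk-iptables -j RETURN'

# Read `iptables -S` output on stdin and print one jail name for each f2b-*
# chain that holds a rule whose source is exactly the given IPv4 address.
# Assumption: chain name = "f2b-" + jail name (true for the default MOR jails).
jails_for_ip() {
    # Accept only digits and dots in a.b.c.d shape; reject anything else.
    case "$1" in
        *[!0-9.]*) echo "usage: jails_for_ip IPV4" >&2; return 2 ;;
        *.*.*.*) ;;
        *) echo "usage: jails_for_ip IPV4" >&2; return 2 ;;
    esac
    awk -v ip="$1" '
        $1 == "-A" && index($2, "f2b-") == 1 {
            for (i = 3; i < NF; i++)
                if ($i == "-s" && ($(i + 1) == ip || $(i + 1) == ip "/32")) {
                    print substr($2, 5)   # strip the "f2b-" prefix -> jail name
                    break
                }
        }'
}

# Print (do not run) the unban command for every jail that holds the IP.
unban_commands() {
    jails=$(jails_for_ip "$1") || return $?
    for jail in $jails; do
        echo "fail2ban-client set $jail unbanip $1"
    done
}

# Demo on the constructed sample. On a live host, as root:
#   iptables -S | unban_commands 12.23.44.55
printf '%s\n' "$SAMPLE_RULES" | unban_commands 12.23.44.55
```

Matching is exact on the rule's source field, so 12.23.44.5 does not match a ban on 12.23.44.55.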