Installing Fail2Ban on a CentOS server

If you are running a predictive dialer (or any kind of Asterisk server) or a web hosting server, you have probably experienced often hacker/lamer brute force attempts. These attacks can be easily blocked by implementing optimal server configuration, using a good Firewall (i.e. SonicWall, PfSense, Tomato) etc. A very useful method of blocking brute force attacks is installing Fail2Ban, which will block the attacker from accessing your server through SSH, Asterisk… for a specified period of time after a number of unsuccessful login attempts.

The following guide explains installation of Fail2Ban service on a CentOS server.

 

1. Install

If you haven’t done it already, download the EPEL repository:

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

 

When the repository has been downloaded, install fail2ban:

# yum install fail2ban

 

2. Configure

Editing the main config file (jail.conf) is not something you should do. Create a local copy of the jail file:

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

 

Setup your preferences by editing the jail.local file:

# nano /etc/fail2ban/jail.local

 

You will find the Asterisk section around the middle. Make sure that you whitelist your own external IP address and to keep the 127.0.0.1 in place. We strongly suggest setting the bantime to a much higher value (i.e. one week – 604800 seconds)

 

3. Restart Fail2Ban

Restart Fail2Ban:

# sudo service fail2ban restart

 

Voila!

 

4. Adding a lamer IP address to IPTABLES

# iptables -A INPUT -s 123.456.789.012 -j DROP & iptables-save