[How to] Fail2ban on CentOS 7
-
@nadnerB It means the jail isn't setup. Go back over the text files you made with Vi in step 7 and step 5
-
Thanks @thecreativeone91
A few quick edits of enable --> enabled and a restart of the service(?) and it's good to go. -
I wrote a script to do this.
#!/bin/bash # CentOS7 Fail2Ban Install and Configure Script yum install -y epel-release fail2ban checkpolicy policycoreutils-python firewalld cat > /etc/fail2ban/jail.local << EOF [sshd] enabled = true EOF cat > fail2ban-syslog.te << EOF module fail2ban-syslog 1.0; require { type syslogd_var_run_t; type fail2ban_t; class dir read; class file read; class file open; class file getattr; } #============= fail2ban_t ============== allow fail2ban_t syslogd_var_run_t:dir read; allow fail2ban_t syslogd_var_run_t:file read; allow fail2ban_t syslogd_var_run_t:file open; allow fail2ban_t syslogd_var_run_t:file getattr; EOF checkmodule -M -m -o fail2ban-syslog.mod fail2ban-syslog.te semodule_package -o fail2ban-syslog.pp -m fail2ban-syslog.mod semodule -i fail2ban-syslog.pp systemctl start fail2ban systemctl enable fail2ban fail2ban-client status sshd echo Done!
Anything I missed?
-
@Aaron-Studer You left out the steps that create the sshd.local file. Was this intentional?
-
Seems like Fail2Ban stops logging after a log rotation. Anyone else run into this?
-
@Danp said:
Seems like Fail2Ban stops logging after a log rotation. Anyone else run into this?
I don't think Fail2ban likes log rotate.
-
@thecreativeone91 said:
I don't think Fail2ban likes log rotate.
Looks that way. I found this, but it's for an older version of both F2B and Centos.
-
Added "copytruncate" to the F2B logrotate configuration file and then ran a manual log rotation. Seemed to work ok (system is still logging to fail2ban.log), but I will continue to monitor.
-
When I do
fail2ban-client status sshd
I get
[root@dc fail2ban]# fail2ban-client status sshd
ERROR NOK: ('sshd',)
Sorry but the jail 'sshd' does not existWhen I check the audit logs I get logs....
-
@Sparkum What do you get when you enter the following?:
fail2ban-client status
-
[root@dc fail2ban]# fail2ban-client status
Status
|- Number of jail: 0
`- Jail list: -
Did you follow the steps and create the jail.local file?
-
Yep
-
Noticed the problem happened below.
Changed "enabled" to "enable" and looks like it works.
Status for the jail: sshd
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
|- File list: /var/log/secure
- Actions
|- Currently banned: 0
|- Total banned: 0
`- Banned IP list:Much appreciated thanks
-
@Sparkum That's strange, b/c I believe "enabled" is the correct entry.