Install and Configure Fail2ban on AlmaLinux 8: Best Setup

In this article, we show you how to install and configure Fail2ban on AlmaLinux 8. Fail2ban is an open-source tool that helps protect your Linux machine from brute-force and other automated attacks by monitoring service logs for malicious activity. It uses regular expressions to scan log files.

You can now proceed to the guide steps below on the Orcacore website to complete the Fail2ban setup on AlmaLinux 8.

Steps To Install and Configure Fail2ban on AlmaLinux 8

To install and configure Fail2ban on your server, you need to log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our article about the Initial Server Setup with AlmaLinux 8.


1. Install Fail2ban on AlmaLinux 8

The Fail2ban package is available in the AlmaLinux default repository. First, update your local package index with the following command:

sudo dnf update -y

Then install Fail2ban with the following command:

sudo dnf install fail2ban -y

When your installation is finished, you need to start and enable Fail2ban on AlmaLinux 8 with the following command:

sudo systemctl enable --now fail2ban

Verify that your service is active and running on your server with the following command:

sudo systemctl status fail2ban

The output should show the service as active (running).

Now you have Fail2ban up and running on AlmaLinux 8. Let’s start to configure it.

2. Configure Fail2ban on AlmaLinux 8

The default Fail2ban installation comes with two configuration files, /etc/fail2ban/jail.conf and /etc/fail2ban/jail.d/00-firewalld.conf.

You need to create a “.local” configuration file from the default “jail.conf” file.

First copy the configuration file with the following command:

sudo cp /etc/fail2ban/jail.{conf,local}

Then, open the local configuration file with your favorite text editor. Here we use vi:

sudo vi /etc/fail2ban/jail.local

IP addresses, IP ranges, or hosts that you want to exclude from banning can be added to the ignoreip directive.

Fail2ban Whitelist IPs

Here you should add your local PC's IP address and any other machines that you want to whitelist. Find the “ignoreip” line, uncomment it by removing the leading hash (#), and add your IP addresses separated by spaces:

ignoreip = 127.0.0.1/8 ::1 123.123.123.123 192.168.1.0/24

Now find the “bantime” line, which sets the duration for which an IP is banned. By default, it is set to 10m. You can change the value to your liking:

bantime = 1d

To permanently ban the IP, you can use a negative number.

The findtime is the time window in which the failures are counted before a ban is set.

The maxretry is the number of failures before an IP is banned. The default value is set to five, which should be fine for most users.
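
The following Python sketch is an added example, not part of the original article or of Fail2ban's own code: it models how maxretry, findtime and ignoreip together decide a ban, run over constructed sshd log lines. The regular expression, the findtime of 10m, the sample IPs and all function names are assumptions made for illustration, and ignoreip entries are limited to addresses and CIDR ranges here.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for the sshd filter (assumption: Fail2ban's real filter has more patterns).
FAILREGEX = re.compile(r"^(\S+ +\d+ [\d:]+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert values such as '10m', '1d', '600' or '-1' to seconds."""
    value = value.strip()
    return int(value[:-1]) * UNITS[value[-1]] if value[-1] in UNITS else int(value)

def is_ignored(ip, ignoreip):  # True if ip is inside any listed address or CIDR range
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(entry, strict=False)
               for entry in ignoreip.split())

def find_bans(lines, maxretry, findtime, ignoreip, year=2024):
    """Return the IPs that reach maxretry failures inside one findtime window."""
    window = to_seconds(findtime)
    failures = defaultdict(deque)  # ip -> timestamps of its recent failures
    banned = []
    for line in lines:
        match = FAILREGEX.match(line)
        if not match:
            continue
        ip = match.group(2)
        if ip in banned or is_ignored(ip, ignoreip):
            continue
        seen = datetime.strptime(f"{year} {match.group(1)}", "%Y %b %d %H:%M:%S")
        recent = failures[ip]
        recent.append(seen)
        while (seen - recent[0]).total_seconds() > window:
            recent.popleft()  # failure is older than findtime, stop counting it
        if len(recent) >= maxretry:
            banned.append(ip)
    return banned

def sample_line(clock, ip):  # constructed log line, not real data
    return f"Jan 15 {clock} host sshd[1234]: Failed password for root from {ip} port 50000 ssh2"

SAMPLE = (
    [sample_line(f"09:00:{s:02d}", "203.0.113.7") for s in range(0, 50, 10)]      # 5 in 40 s
    + [sample_line(f"10:{m:02d}:00", "198.51.100.20") for m in range(0, 25, 5)]   # 5 over 20 min
    + [sample_line(f"11:00:{s:02d}", "192.168.1.50") for s in range(0, 50, 10)])  # whitelisted
IGNOREIP = "127.0.0.1/8 ::1 123.123.123.123 192.168.1.0/24"  # value from the article
print(find_bans(SAMPLE, maxretry=5, findtime="10m", ignoreip=IGNOREIP))
```

Only 203.0.113.7 is banned: 198.51.100.20 spreads its five failures over 20 minutes, so they never fall inside one 10-minute window, and 192.168.1.50 is covered by ignoreip.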

Fail2ban Email Alerts

Fail2ban can send email alerts when an IP has been banned on AlmaLinux 8.

To receive email messages, you need to have an SMTP server installed on your server and change the default action, which only bans the IP, to this:

action = %(action_mw)s

If you want to receive the relevant logs too, set it to:

action = %(action_mwl)s

Also, you can adjust the sender and recipient email addresses:

destemail = admin@orcacore.com
sender = root@orcacore.com

Fail2ban jails

Fail2ban uses the concept of jails. A jail describes a service and includes filters and actions.

By default, on AlmaLinux 8, no Fail2ban jails are enabled. To enable a jail, find the [sshd] section and add “enabled = true” after the jail title:

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s

When you are done, save and close the file.

Now restart Fail2ban on AlmaLinux 8 with the following command to apply these changes:

sudo systemctl restart fail2ban

Let’s see how to use Fail2ban.

3. How To Use Fail2ban on AlmaLinux 8?

Fail2ban comes with a command-line tool named fail2ban-client. You can use this command to interact with the Fail2ban service.

You can list all available options with the following command:

fail2ban-client -h

This tool can be used to ban/unban IP addresses, change settings, restart the service, and more. Here are a few examples:

To check the status of a jail, you can use the following command:

sudo fail2ban-client status sshd

Also, you can unban an IP with the following command:

sudo fail2ban-client set sshd unbanip 23.34.45.56

To ban an IP you can use the following command:

sudo fail2ban-client set sshd banip 23.34.45.56

Conclusion

At this point, you have learned how to install and configure Fail2ban on AlmaLinux 8 and how to use it on your server. Fail2ban on AlmaLinux 8 is used to protect servers from brute-force attacks by monitoring logs and blocking suspicious IP addresses automatically. It enhances security by creating firewall rules to prevent repeated failed login attempts.


FAQs

How does Fail2Ban work?

It scans log files for failed login attempts and temporarily blocks offending IPs using firewall rules.

Where is the Fail2Ban configuration file located?

The main config file is /etc/fail2ban/jail.conf, but you should create a custom file /etc/fail2ban/jail.local to override settings.

Does Fail2Ban work with Firewalld?

Yes, Fail2Ban integrates with Firewalld to block malicious IPs automatically.
