Fail2ban is an open-source intrusion prevention tool that adds firewall rules to reject IP addresses for a specified amount of time. It is written in Python and designed to protect servers from brute-force attacks. Fail2ban continuously monitors the system logs for entries that match configured patterns of malicious activity. When a match is found, Fail2ban blocks the offending IP address for a specified amount of time.

In this post, we will show you how to install Fail2ban to protect the SSH server on Fedora.

Step 1 – Install Fail2ban

By default, Fail2ban is included in the Fedora default repository. You can install it by running the following command.

dnf install fail2ban -y

Once Fail2ban is installed, start and enable the Fail2ban service using the following commands.

systemctl start fail2ban
systemctl enable fail2ban

Step 2 – Configure Fail2ban

Next, you will need to create a Fail2ban configuration file for the SSH service. You can create it with the following command.

nano /etc/fail2ban/jail.local

Add the following lines.

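[DEFAULT]
# Addresses that are never banned (replace the placeholder)
ignoreip = your-server-ip
# Ban duration in seconds (300 = five minutes)
bantime = 300
# Window, in seconds, in which failures are counted
findtime = 300
# Number of failures within findtime that triggers a ban
maxretry = 3
banaction = iptables-multiport
# Read log entries from the systemd journal
backend = systemd

[sshd]
enabled = true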

Save and close the file, then restart Fail2ban to apply the changes.

systemctl restart fail2ban

You can also check the status of Fail2ban with the following command.

systemctl status fail2ban

Output.

● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
     Active: active (running) since Sat 2023-06-24 03:55:11 EDT; 7s ago
       Docs: man:fail2ban(1)
    Process: 12514 ExecStartPre=/bin/mkdir -p /run/fail2ban (code=exited, status=0/SUCCESS)
   Main PID: 12515 (fail2ban-server)
      Tasks: 5 (limit: 9497)
     Memory: 11.4M
        CPU: 257ms
     CGroup: /system.slice/fail2ban.service
             └─12515 /usr/bin/python3 -s /usr/bin/fail2ban-server -xf start

Jun 24 03:55:11 fedora systemd[1]: Starting Fail2Ban Service...
Jun 24 03:55:11 fedora systemd[1]: Started Fail2Ban Service.
Jun 24 03:55:11 fedora fail2ban-server[12515]: Server ready

Step 3 – Verify Fail2ban

At this point, Fail2ban is installed and configured to protect your SSH server. Now, it’s time to verify it.

First, list the active jails to confirm that the sshd jail was added.

fail2ban-client status

Output.

Status
|- Number of jail:	1
`- Jail list:	sshd

Try to connect to your SSH server from any remote machine with an incorrect password three times.

ssh root@your-server-ip

After three failed attempts, you are blocked from authentication for five minutes.

Now, run the following command on your SSH server to check the IP address blocked by Fail2ban.

fail2ban-client status sshd

You will see the following output.

Status for the jail: sshd
|- Filter
|  |- Currently failed:   3
|  |- Total failed:          12
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 1
   |- Total banned:        2
   `- Banned IP list:     190.1.81.12

You can also check the log file to see the blocked IP.

tail -5 /var/log/secure | grep 'Failed password'

Output:

June  24 03:15:03 fedora sshd[11196]: Failed password for invalid user root from 190.1.81.12 port 55738 ssh2
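
To see how the maxretry, findtime and bantime values from jail.local turn log lines like the one above into a ban, here is an added example (not Fail2ban's own code and not part of the original post) that replays the same sliding-window logic over constructed log lines. The regular expression, the simulate function, the year parameter and the sample addresses are assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds copied from the [DEFAULT] section of jail.local above.
MAXRETRY, FINDTIME, BANTIME = 3, 300, 300

# Simplified pattern for sshd "Failed password" lines (an assumption for this
# example; the sshd filter shipped with Fail2ban covers many more messages).
FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

# Constructed sample log lines; addresses are from documentation ranges.
SAMPLE = [
    "Jun 24 03:15:03 fedora sshd[11196]: Failed password for invalid user root from 203.0.113.7 port 55738 ssh2",
    "Jun 24 03:15:09 fedora sshd[11196]: Failed password for invalid user root from 203.0.113.7 port 55738 ssh2",
    "Jun 24 03:15:14 fedora sshd[11196]: Failed password for invalid user root from 203.0.113.7 port 55738 ssh2",
    "Jun 24 03:16:00 fedora sshd[11201]: Failed password for admin from 198.51.100.9 port 40112 ssh2",
    "Jun 24 03:17:30 fedora sshd[11210]: Accepted password for admin from 192.0.2.10 port 50022 ssh2",
    "Jun 24 03:18:00 fedora sshd[11215]: Failed password for admin from 198.51.100.9 port 40120 ssh2",
    "Jun 24 03:22:30 fedora sshd[11230]: Failed password for admin from 198.51.100.9 port 40131 ssh2",
]

def simulate(lines, year=2023, ignoreip=()):
    """Return (ip, ban_start, ban_end) for every ban the thresholds trigger."""
    recent = defaultdict(deque)  # ip -> failure times inside the findtime window
    banned_until, bans = {}, []
    for line in lines:
        m = FAILED.match(line)
        if not m or m.group(2) in ignoreip:  # exact-match ignore list only
            continue
        ip = m.group(2)
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if ip in banned_until and ts < banned_until[ip]:
            continue  # the firewall rule would already be dropping this host
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

The second address also fails three times, but its first failure is more than 300 seconds old by the time the third arrives, so it stays under maxretry and is not banned.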

If you want to unblock the blocked IP address, run the following command.

fail2ban-client set sshd unbanip 190.1.81.12

You can also block this IP again using the following command.

fail2ban-client set sshd banip 190.1.81.12

Conclusion

In this post, we explained how to secure an SSH server with Fail2ban on Fedora. We also showed you how to monitor Fail2ban via the command line. You can now use Fail2ban to help protect your server against DDoS attacks; try implementing Fail2ban on dedicated server hosting from Atlantic.Net!