because configuration settings in fail2ban 0.9.0 having been completely re-factored, CentOS7 fail2ban hardening automation now is not safe by merely running an yum install fail2ban.<\/p>\n
It will also apparently no longer work if you uncomment the sshd enabled jail in local.conf or jail.conf.<\/p>\n
The newer re-factored configuration suggests to use a dedicated file for this to prevent being overwritten as I have now set in my \/etc\/fail2ban\/jail.d\/sshd.local<\/p>\n[sshd]\nenabled = true
\nport = ssh
\n#action = firewallcmd-ipset
\nlogpath = %(sshd_log)s
\nmaxretry = 5
\nbantime = 86400<\/p>\n
Do note firewallcmd-ipset needs to be commented out or fail2ban will not start.<\/p>\n
Once it has been configured like this, it is happy again. And worked straight away banning my home IP! Whilst before it was quite literally failing to ban :- )<\/p>\n
Of course you might need to install it first:<\/p>\n
\r\nyum install -y epel-release\r\nyum install -y fail2ban fail2ban-systemd\r\n<\/pre>\nYou might also want to start fail2ban, and also set it to run on startup:<\/p>\n
\r\nsystemctl enable fail2ban\r\nsystemctl start fail2ban\r\n<\/pre>\nIf you run selinux, then you’ll need (running this command may have security implications)<\/p>\n
\r\nyum update selinux-policy*\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"because configuration settings in fail2ban 0.9.0 having been completely re-factored, CentOS7 fail2ban hardening automation now is not safe by merely running an yum install fail2ban. It will also apparently no longer work if you uncomment the sshd enabled jail in … Continue reading