Protect Linux Server with Fail2Ban

Whenever I ssh login to my Linux VPS, I always get this message:

Last failed login: Sat Feb 27 23:26:43 EST 2016 from on ssh:notty
There were 6166 failed login attempts since the last successful login.
Last login: Sun Jan 17 01:41:33 2016 from

There were few hundred of brute force login attempts every day from all over the world trying to hack into my Linux VPS. When you check on the /var/log/secure log, you’ll find lots of similar message like below:

ssh login failure

Feb 27 17:34:50 localhost sshd[14011]: Failed password for root from port 35161 ssh2
Feb 26 02:59:12 localhost sshd[7115]: Failed password for root from port 41115 ssh2
Feb 27 01:12:05 localhost sshd[11033]: Failed password for root from port 49786 ssh2

All these attempts are from automated bots or scripts. If I didn’t do anything to protect my Linux VPS, eventually, they might succeed to find out the password.
So, how do I protect my Internet facing server from being hacked?

An open source software named Fail2ban can mitigate this security risk by creating firewall rules that automatically a based on a predefined number of unsuccessful login attempts.

How to install Fail2ban?

First, get the EPEL:

yum install epel-release

Second, install the fail2ban package:

yum install fail2ban

Dependencies Resolved

Package Arch Version Repository Size
fail2ban noarch 0.9.3-1.el7 epel 9.7 k
dracut x86_64 033-360.el7_2 updates 311 k
initscripts x86_64 9.49.30-1.el7 base 429 k
Installing for dependencies:
fail2ban-firewalld noarch 0.9.3-1.el7 epel 9.9 k
fail2ban-sendmail noarch 0.9.3-1.el7 epel 13 k
fail2ban-server noarch 0.9.3-1.el7 epel 395 k
ipset x86_64 6.19-4.el7 base 36 k
ipset-libs x86_64 6.19-4.el7 base 46 k
systemd-python x86_64 219-19.el7_2.4 updates 98 k
Updating for dependencies:
dracut-config-rescue x86_64 033-360.el7_2 updates 49 k
dracut-network x86_64 033-360.el7_2 updates 90 k
kmod x86_64 20-5.el7 base 114 k
libgudev1 x86_64 219-19.el7_2.4 updates 65 k
systemd x86_64 219-19.el7_2.4 updates 5.1 M
systemd-libs x86_64 219-19.el7_2.4 updates 357 k
systemd-sysv x86_64 219-19.el7_2.4 updates 52 k

Transaction Summary
Install 1 Package (+6 Dependent packages)
Upgrade 2 Packages (+7 Dependent packages)

Total download size: 7.2 M
Is this ok [y/d/N]: y

Press y and Enter when prompted to continue.

3. Once the installation has finished, use systemctl to enable the fail2ban service:
For CentOS 7
systemctl enable fail2ban
for CentOS 5/6
service fail2ban start.

In next post, I will explain on the Fail2bad configuration.

Posted in General Tagged with:

Leave a Reply