Setting Up Fail2Ban on CentOS/RedHat to Secure SSH and FTP Services

Protecting your SSH and FTP services from brute force attacks is crucial for maintaining the security and performance of your servers. This detailed guide will walk you through the process of installing and configuring Fail2Ban on CentOS or RedHat systems, ensuring your services are safeguarded against unauthorized access attempts.

What is Fail2Ban?

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. By monitoring log files for suspicious activity and adjusting firewall rules to block potentially malicious IPs, Fail2Ban helps maintain server integrity and performance.

Prerequisites

Before you begin, make sure you have:

Installing Fail2Ban

First, update your system's package index and install Fail2Ban using the following commands:


    sudo yum update
    sudo yum install epel-release
    sudo yum install fail2ban
    

Once installed, enable and start the Fail2Ban service:


    sudo systemctl enable fail2ban
    sudo systemctl start fail2ban
    

Configuring Fail2Ban

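Fail2Ban is configured through jail files. Rather than editing the packaged jail.conf, which can be overwritten by package updates, copy it to jail.local and make your changes there; settings in jail.local override those in jail.conf. Let's create a custom jail configuration for the SSH and FTP services.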


    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
    

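Edit the /etc/fail2ban/jail.local file to configure the SSH and FTP jails. The copied file already contains [sshd] and [vsftpd] sections, so edit those sections so that they read as follows: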


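    [sshd]
    enabled = true
    port = ssh
    filter = sshd
    # On CentOS/RedHat, sshd authentication messages are written to /var/log/secure
    # (/var/log/auth.log is the Debian/Ubuntu location and does not exist here)
    logpath = /var/log/secure
    # Ban after 5 failed attempts; bantime is in seconds (600 = 10 minutes)
    maxretry = 5
    bantime = 600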

    [vsftpd]
    enabled = true
    port = ftp
    filter = vsftpd
    logpath = /var/log/vsftpd.log
    maxretry = 5
    bantime = 600
    

This configuration enables Fail2Ban for the SSH and FTP services. Each jail reads the log file given by logpath and bans an IP for 600 seconds (bantime) once it reaches 5 failed login attempts (maxretry).
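To make the maxretry and bantime settings concrete, the following added example (not part of Fail2Ban or of the original guide) replays constructed /var/log/secure lines through a simplified model of a jail. The regex, the sample lines, the `simulate` function and the `findtime` value of 600 seconds are assumptions for illustration; Fail2Ban's real sshd filter matches many more message forms.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the format sshd writes to /var/log/secure (documentation IPs).
SAMPLE_LOG = """\
Mar 10 08:00:01 web1 sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar 10 08:00:03 web1 sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
Mar 10 08:00:05 web1 sshd[1003]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Mar 10 08:00:06 web1 sshd[1004]: Accepted password for deploy from 192.0.2.50 port 51000 ssh2
Mar 10 08:00:08 web1 sshd[1005]: Failed password for root from 203.0.113.7 port 40004 ssh2
Mar 10 08:00:09 web1 sshd[1006]: Failed password for root from 203.0.113.7 port 40005 ssh2
Mar 10 08:00:30 web1 sshd[1007]: Failed password for alice from 198.51.100.20 port 52001 ssh2
Mar 10 08:05:30 web1 sshd[1008]: Failed password for alice from 198.51.100.20 port 52002 ssh2
Mar 10 08:10:30 web1 sshd[1009]: Failed password for alice from 198.51.100.20 port 52003 ssh2
Mar 10 08:15:30 web1 sshd[1010]: Failed password for alice from 198.51.100.20 port 52004 ssh2
Mar 10 08:20:30 web1 sshd[1011]: Failed password for alice from 198.51.100.20 port 52005 ssh2
"""

# Simplified stand-in for the sshd filter: captures the timestamp and the source IP.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def simulate(log_text, maxretry=5, findtime=600, bantime=600, year=2024):
    """Return [(ip, banned_at, unbanned_at)] for the given jail settings."""
    recent = defaultdict(deque)   # ip -> failure times still inside findtime
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other messages never count
        # syslog timestamps carry no year, so one is supplied for parsing
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # failures older than findtime are forgotten
        if len(window) >= maxretry:
            bans.append((m.group(2), ts, ts + timedelta(seconds=bantime)))
            window.clear()        # the counter starts over once the ban is issued
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

With these settings only 203.0.113.7 is banned; the five failures from 198.51.100.20 are spread over 20 minutes and never accumulate inside one findtime window, which is why a slow, distributed guessing pattern calls for a longer findtime.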

Testing Fail2Ban Configuration

After configuring Fail2Ban, it's important to test that the jails are functioning as expected. Use the following commands to check the status of each jail:


    sudo fail2ban-client status sshd
    sudo fail2ban-client status vsftpd
    

These commands display the current status of the SSH and FTP jails, including active bans.

Maintaining and Monitoring Fail2Ban

Regular monitoring and maintenance of Fail2Ban are vital for ongoing protection. Review the Fail2Ban log files to ensure that it is functioning properly:


    sudo less /var/log/fail2ban.log
    

Conclusion

Setting up Fail2Ban on your CentOS or RedHat server can significantly enhance the security of your SSH and FTP services by protecting against brute force attacks. Regularly update your configurations as needed to adapt to new security challenges.