August 30, 2010

Install Fail2Ban on CentOS 5.5

The installation process for Fail2Ban (a brute-force protection application) on CentOS 5.5 is as follows:

Login to your server as root, then:

wget -O fail2ban-0.8.4.tar.bz2 "http://downloads.sourceforge.net/project/fail2ban/fail2ban-stable/fail2ban-0.8.4/fail2ban-0.8.4.tar.bz2?use_mirror=transact"

tar -xf fail2ban-0.8.4.tar.bz2

cd fail2ban-0.8.4

python setup.py install

cp files/redhat-initd /etc/init.d/fail2ban

chkconfig --add fail2ban

chkconfig fail2ban on

Once the installation is complete, open the jail.conf configuration file:

nano -w /etc/fail2ban/jail.conf

Review the sections (e.g. [ssh-iptables]) and, for the ones you would like enabled, change the enabled setting to ‘= true’.

You will also need to define your email address and log locations, for example:

sendmail-whois[name=SSH, dest=[email protected], sender=[email protected]]
logpath  = /var/log/sshd.log

This should become (example):

sendmail-whois[name=SSH, dest=[email protected], sender=[email protected]]
logpath  = /var/log/secure

Once you have completed the configuration of the jail.conf file you will need to start fail2ban’s service:

service fail2ban start

You can test the rules per service using:

fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf

The defaults should work correctly for SSH but if they don’t, check out this article for more options.
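An added example, not part of the original post or of Fail2Ban itself: a Python 3 check that lists every jail with enabled = true and reports whether its logpath exists, which catches a jail left at /var/log/sshd.log instead of /var/log/secure. The sample configuration, its addresses and the audit_jails name are constructed for illustration; the script assumes one literal logpath per jail and reads only jail.conf.

```python
import configparser
import os

# Constructed sample: [ssh-iptables] switched on but still pointing at the
# old log path; the addresses are placeholders, not values from the post.
SAMPLE_JAIL_CONF = """\
[DEFAULT]
maxretry = 3

[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=admin@example.com, sender=fail2ban@example.com]
logpath  = /var/log/sshd.log

[example-disabled]
enabled  = false
filter   = sshd
logpath  = /var/log/example.log
"""


def audit_jails(conf_text, exists=os.path.isfile):
    """Return {jail: (logpath, ok)} for every jail with enabled = true."""
    parser = configparser.RawConfigParser()  # values are read literally
    parser.read_string(conf_text)
    report = {}
    for jail in parser.sections():  # [DEFAULT] is inherited, not listed
        if not parser.getboolean(jail, "enabled", fallback=False):
            continue
        logpath = parser.get(jail, "logpath", fallback="").strip()
        # A jail whose log file is absent has nothing to match against,
        # so it cannot ban anything.
        report[jail] = (logpath, bool(logpath) and exists(logpath))
    return report


if __name__ == "__main__":
    conf = "/etc/fail2ban/jail.conf"
    text = SAMPLE_JAIL_CONF
    if os.path.isfile(conf):
        with open(conf) as handle:
            text = handle.read()
    for jail, (logpath, ok) in sorted(audit_jails(text).items()):
        print("%-20s %-30s %s" % (jail, logpath or "(none)", "ok" if ok else "MISSING"))
```
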

Search this site for information on setting up Fail2Ban for Asterisk, Courier-IMAP, Horde and other Linux services.