Security Task: Fail2Ban Configuration
Goal
Automatically ban IPs with repeated failed login attempts.
Steps
- Install Fail2Ban:
    dnf install fail2ban -y
    systemctl enable --now fail2ban
- Configure jail for SSH:
    [sshd]
    enabled = true
    port = ssh
    filter = sshd
    logpath = /var/log/secure
    maxretry = 5
- Reload Fail2Ban:
    systemctl restart fail2ban
- View status:
    fail2ban-client status sshd
Preventive Actions
- Whitelist internal IPs
- Enable email alerts for banned IPs
- Regularly audit the ban list
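
One way to cover the first two preventive actions in the jail configuration, shown as an added example that is not part of the original page. The file name, address ranges, mail addresses and the findtime/bantime values are assumptions to adapt; sending mail also needs a working local MTA.

```ini
# /etc/fail2ban/jail.d/sshd.local   (file name is an assumption)

[DEFAULT]
# Whitelist: hosts and networks that are never banned.
# Loopback plus constructed example internal ranges; replace with your own.
ignoreip = 127.0.0.1/8 ::1 10.0.0.0/8 192.168.0.0/16

# Email alerts: placeholder addresses, delivered through the local MTA.
destemail = secops@example.com
sender = fail2ban@example.com
mta = sendmail

# action_mwl = ban the address, then mail a whois report
# together with the log lines that triggered the ban.
action = %(action_mwl)s

[sshd]
# Same jail as in the steps above.
enabled = true
port = ssh
filter = sshd
logpath = /var/log/secure
maxretry = 5
# Assumed values: 5 failures inside a 10 minute window ban for 1 hour.
findtime = 10m
bantime = 1h
```

Run `fail2ban-client -t` to test the configuration before restarting the service, then use `fail2ban-client status sshd` to review the currently banned addresses as part of the regular audit.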
Tools
fail2ban, journalctl, /etc/fail2ban/jail.d/