How to install Fail2ban on ClearOS

This page is deprecated and will eventually be deleted, because ClearOS now provides the new Attack Detector app (Fail2ban).

Please see: How to install Attack Detector (Fail2ban) on ClearOS

Make sure the clearos-epel repository is enabled, then install the packages:

yum --enablerepo=clearos-centos,centos-updates-unverified install fail2ban fail2ban-systemd

In ClearOS 7, it is very important that the fail2ban-systemd subpackage is installed. Out of the box, fail2ban won't do anything; you need to tell it what to do.

Edit or create the file /etc/fail2ban/jail.d/99-fail2ban from the command line:

nano /etc/fail2ban/jail.d/99-fail2ban

and put in this content:

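# Every jail needs a [section] header; the jail name "sshd" is assumed here.
[sshd]
enabled  = true
filter   = sshd
# Ban with iptables and mail a whois report; continuation lines must stay indented.
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=sysadmin@example.com, sender=example@example.com]
# Failures allowed before a ban, and the ban length in seconds.
maxretry = 2
bantime  = 3600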

Edit /etc/fail2ban/jail.conf and set the enabled flag to true. By default, everything is off.

nano /etc/fail2ban/jail.conf

In the nano editor, search for every occurrence of enabled = false (Ctrl+W, then Enter, repeats the search) and replace false with true.

This will start blocking. With this configuration, a ban lasts 1 hour (bantime = 3600 seconds). To finish, run the following:

systemctl enable fail2ban
systemctl start fail2ban
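
To review what the edits to the jail files actually switch on, the following added example (not part of the original page) lists every section with enabled = true and flags settings that sit before any [section] header. The function names are hypothetical and the sample file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a fail2ban jail file after editing it.

# enabled_jails FILE: print each section that contains "enabled = true".
# A hit on DEFAULT means every jail in the file inherits enabled = true.
enabled_jails() {
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[[^]]+\][ \t]*$/ {                 # [section] header
            gsub(/^[ \t]*\[|\][ \t]*$/, ""); jail = $0; next
        }
        /^[ \t]*enabled[ \t]*=[ \t]*true[ \t]*$/ {
            if (jail != "") print jail
        }
    ' "$1"
}

# orphan_keys FILE: print "LINE: text" for settings that appear before the
# first [section] header, where they belong to no jail.
orphan_keys() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # comments, blank lines
        /^[ \t]*\[[^]]+\]/ { exit }                 # first header: stop
        /=/ { print FNR ": " $0 }
    ' "$1"
}

# Constructed sample input, not a real ClearOS file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
maxretry = 2
[DEFAULT]
enabled = false
[sshd]
enabled  = true
filter   = sshd
[apache-auth]
enabled = false
EOF
echo "Enabled sections:";          enabled_jails "$sample"
echo "Settings outside a section:"; orphan_keys "$sample"
rm -f "$sample"
```

Run the two functions against /etc/fail2ban/jail.conf and the file in /etc/fail2ban/jail.d/ after editing; once the service is started, fail2ban-client status shows the jails that are actually running.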