Install Fail2ban on CentOS7

Fail2ban helps to protect servers from brute-force attacks. It bans malicious IPs from accessing SSH.

Part I – Fail2ban with FirewallD
  1. Install fail2ban from EPEL repo.
  2. Deal with SELinux, there are two options to choose from.
    • Update SELinux Policy

      OR Disable SELinux

  3. Configure fail2ban, we decide to use FirewallD which is implemented by default in CentOS 7.
    Put the following lines in /etc/fail2ban/jail.d/sshd.local


  4. Enable and start fail2ban.