fail2ban is a program which monitors access logs from different services and blocks access if the access pattern looks like a brute-force attack. If there are more failed logins than allowed within a given time, fail2ban modifies the firewall to block access from the originating IP address for some time.
This way, it provides an extra layer of security for services exposed to the internet.
fail2ban has the concept of ‘jails’: each jail covers a daemon whose logs fail2ban monitors, together with the procedure used to block access from an IP address that causes too many failure entries in those logs.
** IMPORTANT **
fail2ban does NOT protect against weak passwords or vulnerabilities in applications themselves. We strongly discourage you from exposing a service to the internet directly with only a password as protection. If you use passwords for authorization, we recommend you also use an additional method for access control, such as whitelisting, or a strict firewall; preferably both.
To install fail2ban on CentOS 7, you’ll also need the EPEL repository. You can install the repository and fail2ban by running these commands as root (or prepend them with ‘sudo’):
yum install epel-release
yum install fail2ban
On CentOS 7, fail2ban is not started at boot time by default. To make fail2ban start at boot time, use
systemctl enable fail2ban
and to start it immediately, use
systemctl start fail2ban