Simple page





Wednesday, 25 April 2012 22:38

Installing fail2ban 8.4 on Centos

We will need the Epel repo for this one as this has the most updated version 8.4.29 ( you can check if something new is distributed here ).

You can find the latest release here

Or you can download the 5-4 version via


Then install with the command

rpm -Uvh 

Install gamin as it fixes a bug described at

 yum install gamin 

Then we install fail2ban

 yum --enablerepo epel install fail2ban 

Make sure yum sees the 8.4 version from epel and not another version like rpmforge. If so disable it like yum --enablerepo epel --disablerepo rpmforge install fail2ban


Fail2ban Configuration

We will re-change the default path of the fail2ban log

cd /etc/fail2ban
vi fail2ban.conf 

and change the line logtarget

logtarget = /var/log/fail2ban.log

now we will need to either change the postrotate file for the fail2ban or rm it

personally i edited the file /etc/logrotate.d/fail2ban and changed the line between postrotate and endscript into

       /usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 1> /dev/null || true

Now we will configure the jail.conf

Use a space for each ip you wish to prevent from being banned. We dont want to get ourselfes out right?

ignoreip = where x is your public static server ip.

Now about the rules, put enabled = true for each one you wish to enable and you need. Personally I have the following default rules set up with the changes noted bellow


logpath = /var/log/secure


logpath = /var/log/secure


action = iptables-multiport[name=apache-auth, port="http,https"]

logpath = /var/log/httpd/*error_log


logpath = /var/log/httpd/*error_log

After you have enabled each of the rules press

:wq and exit the editor.

Before we start the fail2ban service we will need to check each rule in order to make sure it is working and it will not break our configuration.

We can test eg ssh like fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf

The general rule is

fail2ban-regex Full/LoggPath /etc/fail2ban/filter.d/rulename.conf

Or you can just use a script I have found in the net that automatically checks each of your enabled rules. Please note that the script checks all log files matched - new and old ones alike and returns a total number of fails matched. If no success message is not displayed do not worry, there is simply no attack found in your log files!

You will need to copy this file to a directory of your choice.

Then chmod it


and run it


If you see an error like “: /bin/bash^M: bad interpreter: No such file or directory”

edit the file and write

:set fileformat=unix

As a last step we will need to start the service and set it to auto start on boot.

chkconfig --add fail2ban

 chkconfig fail2ban on
 service fail2ban start 
We can check if it is running ok with the command
fail2ban-client status 
If something is preventing the service to start and fails you can try to start it by
fail2ban-client start 
It will then display the reason of failure so you can fix it in the jail.conf file.
I did spend many hours trying to learn fail2ban and configure correctly various plug-ins
So I hope you will find the above information useful!
Read 8023 times Last modified on Friday, 18 November 2016 13:22

1 comment

  • Comment Link Arsia Wednesday, 01 January 2014 23:24 posted by Arsia

    Έχετε μια πολύ μεγάλη ιστοσελίδα www.digi - , Χαίρομαι που την παρατηρησα μέσω του yahoo .

Leave a comment