Fail2ban is a powerful security tool that helps protect your Arch Linux server against brute-force attacks. By scanning log files and detecting suspicious activity, Fail2ban can block IPs attempting to gain unauthorized access. In this comprehensive guide, we’ll walk you through the process of how to install & configure Fail2ban on Arch Linux.
How to Install & configure Fail2ban on Arch Linux
Prerequisites
Before we begin, ensure you have the following:
- A running Arch Linux system with root access.
- SSH and Git installed.
Installing Fail2ban on Arch Linux
First, we need to install the Fail2ban package from the Arch User Repository (AUR). We’ll use yay as our AUR helper. If you don’t have yay installed, you can install it by following these steps:
sudo pacman -S --needed git base-devel
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si
Once yay is installed, use it to install Fail2ban:
yay -S fail2ban
Enable and Start Fail2ban Service on Arch Linux
Now that Fail2ban is installed, enable and start the service:
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
To check the status of the Fail2ban service, use:
sudo systemctl status fail2ban
If the service is running correctly, you’ll see an output similar to:
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2023-04-10 12:00:00 UTC; 1min ago
How to Configure Fail2ban on Arch Linux
Fail2ban uses configuration files located in the /etc/fail2ban directory. The primary configuration file is jail.conf, which contains default settings for various services. However, it’s recommended to create a local configuration file (jail.local) to override these settings, since jail.conf is replaced on package upgrades and any edits made there would be lost.
To create a jail.local file, use:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now, edit the jail.local file with your preferred text editor, such as Vim or Nano:
sudo vim /etc/fail2ban/jail.local
Configure Default Settings on Arch Linux
Find the [DEFAULT] section and modify the settings as needed. For example, you can adjust the bantime, findtime, and maxretry values:
[DEFAULT]
# "bantime" is the duration in seconds for which an IP is banned.
bantime = 3600
# "findtime" is the time window in seconds during which "maxretry" failures must occur.
findtime = 600
# "maxretry" is the number of failures before an IP is banned.
maxretry = 5
Configure SSH Protection
To protect your SSH service, find the [sshd] section and ensure it’s enabled:
[sshd]
enabled = true
Feel free to customize the port and logpath settings if you’re using a non-standard SSH configuration, such as a custom SSH port.
Configuring Fail2ban
After installing Fail2ban, you’ll need to configure it. Fail2ban uses configuration files located in /etc/fail2ban/. The main configuration file is jail.local. To create this file, you can copy the default configuration file jail.conf:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now, open the jail.local file using your favorite text editor. In this example, we’ll use Vim:
sudo vim /etc/fail2ban/jail.local
Inside the jail.local file, you can customize settings such as bantime, findtime, and maxretry. For example:
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
These settings ban an IP address for one hour (bantime) if it has five failed login attempts (maxretry) within ten minutes (findtime).
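To make the interaction of bantime, findtime and maxretry concrete, here is an added Python simulation of a single jail (it is not part of this guide or of fail2ban itself): it accepts fail2ban-style durations such as 1h, 10m or 3600, counts failures per IP inside a sliding findtime window, bans for bantime, and ignores further failures from a host while its ban is active. The sshd-style log lines are constructed, assumed to be in chronological order, and the duration parser is a simplified subset of fail2ban’s own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Subset of fail2ban's time syntax: bare seconds or one s/m/h/d/w suffix
# ("3600", "1h", "10m"); compound forms like "1h 30m" are not handled here.
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_duration(text):
    m = re.fullmatch(r"\s*(\d+)\s*([smhdw]?)\s*", str(text))
    if not m:
        raise ValueError(f"unsupported duration: {text!r}")
    return int(m.group(1)) * _UNITS.get(m.group(2), 1)

# Failure line as the sshd filter sees it; group 2 stands in for <HOST>.
FAIL_RE = re.compile(r"^(\S+) Failed password for .* from (\d+\.\d+\.\d+\.\d+) port")
# Constructed sshd-style lines (not real traffic), oldest first: 203.0.113.7 fails 5 times
# in 20 s and once more while banned; 198.51.100.9 fails 5 times, but the fifth comes
# 11 min after the first, so no five of its failures ever share one 10 min window.
SAMPLE_LOG = """\
2023-04-10T12:00:01 Failed password for invalid user admin from 203.0.113.7 port 51222 ssh2
2023-04-10T12:00:05 Failed password for root from 203.0.113.7 port 51223 ssh2
2023-04-10T12:00:09 Failed password for root from 203.0.113.7 port 51224 ssh2
2023-04-10T12:00:14 Failed password for root from 203.0.113.7 port 51225 ssh2
2023-04-10T12:00:20 Failed password for root from 203.0.113.7 port 51226 ssh2
2023-04-10T12:00:30 Failed password for root from 203.0.113.7 port 51227 ssh2
2023-04-10T12:01:00 Accepted publickey for alice from 198.51.100.4 port 40000 ssh2
2023-04-10T12:03:00 Failed password for bob from 198.51.100.9 port 40001 ssh2
2023-04-10T12:05:00 Failed password for bob from 198.51.100.9 port 40002 ssh2
2023-04-10T12:07:00 Failed password for bob from 198.51.100.9 port 40003 ssh2
2023-04-10T12:09:00 Failed password for bob from 198.51.100.9 port 40004 ssh2
2023-04-10T12:14:00 Failed password for bob from 198.51.100.9 port 40005 ssh2
"""

def simulate_jail(log_lines, bantime="3600", findtime="600", maxretry=5):
    """Replay lines through one jail; return {ip: (ban_start, ban_end)}."""
    find_win, ban_len = (timedelta(seconds=parse_duration(t)) for t in (findtime, bantime))
    recent, bans = defaultdict(deque), {}   # per-IP failure times in window; ip -> (start, end)
    for m in filter(None, map(FAIL_RE.match, log_lines)):  # non-failure lines are skipped
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in bans and ts < bans[ip][1]:
            continue                        # the firewall already drops this host
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > find_win:
            q.popleft()                     # expire failures older than findtime
        if len(q) >= maxretry:              # maxretry failures inside findtime: ban
            bans[ip] = (ts, ts + ban_len)
            q.clear()
    return bans
```

Calling simulate_jail(SAMPLE_LOG.splitlines(), bantime="1h", findtime="10m") bans only 203.0.113.7; widening findtime to 12m makes 198.51.100.9 cross the maxretry threshold as well.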
Save and close the file.
Enable and Start Fail2ban
To enable and start the Fail2ban service, run the following commands:
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Monitor Fail2ban Logs
Fail2ban logs its actions in /var/log/fail2ban.log. You can monitor the log to see if any IP addresses are banned. Use the tail command to watch the log file in real time:
sudo tail -f /var/log/fail2ban.log
Conclusion
Congratulations! You have successfully installed and configured Fail2ban on Arch Linux. With Fail2ban, you can now protect your server from brute force attacks and other malicious activities.
If you’re looking to further secure your Arch Linux server, consider changing the SSH port or installing a Let’s Encrypt SSL certificate. For more Arch Linux tutorials, check out our other guides, such as installing Ruby or setting up an OpenVPN server.