# part 1: installation
yum install epel-release
yum install fail2ban
# part 2: configure local settings
#
# You can find a file with default values called `/etc/fail2ban/jail.conf`.
# Since this file may be overwritten by package upgrades, we shouldn't edit it in-place.
# Instead, we'll write a new file called `/etc/fail2ban/jail.local`.
# Any values defined in `jail.local` will override those in `jail.conf`.
# https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-7
#
# below settings are for fail2ban v0.9.6, older versions have DIFFERENT options
vim /etc/fail2ban/jail.local
[DEFAULT]
bandtime = 3600
[sshd]
enabled = true
# part 3: start fail2ban-server
service fail2ban start
service fail2ban status
fail2ban-client status sshd
# part 4: start fail2ban service on boot
chkconfig --list fail2ban
# fail2ban has been set to start on boot by default, if not, then:
chkconfig --add fail2ban