yum install fail2ban
$ yum install fail2ban
Loaded plugins: langpacks, ulninfo
Resolving Dependencies
--> Running transaction check
---> Package fail2ban.noarch 0:0.9.6-3.el7 will be installed
--> Processing Dependency: fail2ban-sendmail = 0.9.6-3.el7 for package: fail2ban-0.9.6-3.el7.noarch
--> Processing Dependency: fail2ban-server = 0.9.6-3.el7 for package: fail2ban-0.9.6-3.el7.noarch
--> Processing Dependency: fail2ban-firewalld = 0.9.6-3.el7 for package: fail2ban-0.9.6-3.el7.noarch
--> Running transaction check
---> Package fail2ban-firewalld.noarch 0:0.9.6-3.el7 will be installed
---> Package fail2ban-sendmail.noarch 0:0.9.6-3.el7 will be installed
---> Package fail2ban-server.noarch 0:0.9.6-3.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================================================================
Package Arch Version Repository Size
===================================================================================================================================================
Installing:
fail2ban noarch 0.9.6-3.el7 ol7_developer_EPEL 11 k
Installing for dependencies:
fail2ban-firewalld noarch 0.9.6-3.el7 ol7_developer_EPEL 11 k
fail2ban-sendmail noarch 0.9.6-3.el7 ol7_developer_EPEL 13 k
fail2ban-server noarch 0.9.6-3.el7 ol7_developer_EPEL 285 k
Transaction Summary
===================================================================================================================================================
Install 1 Package (+3 Dependent packages)
Total download size: 320 k
Installed size: 933 k
Is this ok [y/d/N]: y
Downloading packages:
(1/4): fail2ban-firewalld-0.9.6-3.el7.noarch.rpm | 11 kB 00:00:03
(2/4): fail2ban-0.9.6-3.el7.noarch.rpm | 11 kB 00:00:03
(3/4): fail2ban-sendmail-0.9.6-3.el7.noarch.rpm | 13 kB 00:00:00
(4/4): fail2ban-server-0.9.6-3.el7.noarch.rpm | 285 kB 00:00:00
---------------------------------------------------------------------------------------------------------------------------------------------------
Total 71 kB/s | 320 kB 00:00:04
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : fail2ban-server-0.9.6-3.el7.noarch 1/4
Installing : fail2ban-firewalld-0.9.6-3.el7.noarch 2/4
Installing : fail2ban-sendmail-0.9.6-3.el7.noarch 3/4
Installing : fail2ban-0.9.6-3.el7.noarch 4/4
Verifying : fail2ban-server-0.9.6-3.el7.noarch 1/4
Verifying : fail2ban-firewalld-0.9.6-3.el7.noarch 2/4
Verifying : fail2ban-0.9.6-3.el7.noarch 3/4
Verifying : fail2ban-sendmail-0.9.6-3.el7.noarch 4/4
Installed:
fail2ban.noarch 0:0.9.6-3.el7
Dependency Installed:
fail2ban-firewalld.noarch 0:0.9.6-3.el7 fail2ban-sendmail.noarch 0:0.9.6-3.el7 fail2ban-server.noarch 0:0.9.6-3.el7
Complete!
edit jail.local
- create filters and jail.local for nginx, cf. https://gist.github.com/JulienBlancher/48852f9d0b0ef7fd64c3
$ cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
edit jail.local
#
# in /etc/fail2ban/jail.local.
#
# Optionally you may override any other parameter (e.g. banaction,
# action, port, logpath, etc) in that section within jail.local
#
# HTTP servers
#
[nginx-auth]
enabled = true
filter = nginx-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx/*error*.log
[nginx-login]
enabled = true
filter = nginx-login
action = iptables-multiport[name=NoLoginFailures, port="http,https"]
logpath = /var/log/nginx/*access*.log
maxretry = 1
[nginx-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
logpath = /var/log/nginx/*access*.log
maxretry = 1
[nginx-proxy]
enabled = false
action = iptables-multiport[name=NoProxy, port="http,https"]
filter = nginx-proxy
logpath = /var/log/nginx/*access*.log
maxretry = 0
[nginx-dos]
enabled = true
port = http
filter = nginx-dos
logpath = /var/log/nginx/*access*.log
findtime = 120
maxretry = 200
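
To check whether findtime = 120 and maxretry = 200 in [nginx-dos] fit your own traffic before enabling the jail, the following added example (not part of the original notes and not fail2ban's own code) replays access-log lines through a simplified sliding-window count. It assumes the nginx-dos filter, which these notes do not show, counts every request line per client; the log lines and addresses are constructed samples.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FINDTIME = 120   # seconds, from the [nginx-dos] jail above
MAXRETRY = 200   # matches within FINDTIME that trigger a ban

# Assumption: the nginx-dos filter counts every request line per client.
# Client address and timestamp of an nginx "combined" access-log line.
LINE_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "')

def would_ban(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return {host: time of the request that reaches maxretry}."""
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    banned = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # unparseable line: ignored
        host = m.group("host")
        if host in banned:
            continue
        when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[host]
        window.append(when)
        # Drop hits older than findtime relative to the newest one.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[host] = when
    return banned

def sample_log():
    """Constructed sample: one noisy client, one ordinary client."""
    start = datetime.strptime("10/Oct/2017:13:55:00 +0000", "%d/%b/%Y:%H:%M:%S %z")
    fmt = '{} - - [{}] "GET / HTTP/1.1" 200 612 "-" "constructed-agent"'
    lines = []
    for i in range(250):          # 198.51.100.7: 5 requests/second for 50 s
        ts = start + timedelta(seconds=i // 5)
        lines.append(fmt.format("198.51.100.7", ts.strftime("%d/%b/%Y:%H:%M:%S %z")))
    for i in range(250):          # 192.0.2.10: 1 request/second, at most 121 per window
        ts = start + timedelta(seconds=i)
        lines.append(fmt.format("192.0.2.10", ts.strftime("%d/%b/%Y:%H:%M:%S %z")))
    return lines

if __name__ == "__main__":
    for host, when in would_ban(sample_log()).items():
        print(host, "reaches maxretry at", when.isoformat())
```

Pass the lines of a real access log to would_ban() in place of sample_log() to see which clients the current thresholds would have caught; a legitimate client that shows up here means maxretry is too low for that site.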