Is anyone successfully running fail2ban on CentOS 7 and can tell me how to do it?

I tried to install fail2ban with yum install fail2ban and run it (there are no extra rules in iptables -L, which seems odd according to what I found on the net).

As soon as I reboot the server I can't log in as root or any other user via ssh. The ports are not visible when scanning, and of course I get this error when I try to connect:

ssh: connect to host XXX.XXX.XXX.XXX port 12321: Connection refused

I changed the ssh port, but I also tried it with port 22 without luck. I wonder if someone knows a solution to this problem? It has to be a problem with fail2ban because I didn't install anything else.
UPDATE

I can log in via ssh after reboot. But no html page is served. Output of iptables -L:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-sshd   tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
FORWARD_direct  all  --  anywhere             anywhere
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_IN_ZONES  all  --  anywhere             anywhere
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_OUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
OUTPUT_direct  all  --  anywhere             anywhere

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_public (2 references)
target     prot opt source               destination
FWDI_public_log  all  --  anywhere             anywhere
FWDI_public_deny  all  --  anywhere             anywhere
FWDI_public_allow  all  --  anywhere             anywhere

Chain FWDI_public_allow (1 references)
target     prot opt source               destination

Chain FWDI_public_deny (1 references)
target     prot opt source               destination

Chain FWDI_public_log (1 references)
target     prot opt source               destination

Chain FWDO_public (2 references)
target     prot opt source               destination
FWDO_public_log  all  --  anywhere             anywhere
FWDO_public_deny  all  --  anywhere             anywhere
FWDO_public_allow  all  --  anywhere             anywhere

Chain FWDO_public_allow (1 references)
target     prot opt source               destination

Chain FWDO_public_deny (1 references)
target     prot opt source               destination

Chain FWDO_public_log (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_public (2 references)
target     prot opt source               destination
IN_public_log  all  --  anywhere             anywhere
IN_public_deny  all  --  anywhere             anywhere
IN_public_allow  all  --  anywhere             anywhere

Chain IN_public_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination

Chain IN_public_log (1 references)
target     prot opt source               destination

Chain OUTPUT_direct (1 references)
target     prot opt source               destination

Chain f2b-sshd (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
Best Answer
I installed ~20 CentOS 7 servers with fail2ban out of the box and the default configuration is very open, so a "connection refused" comes only after 5 failed login tries.

CentOS 7 now uses firewalld, but a rule for ssh (22) is set up per default. If you change the ssh port in sshd_config, you also have to adjust the firewalld rule, i.e.:

Remember to run firewall-cmd --reload after changing configuration.

Better you just test with a fresh reinstall of CentOS, install fail2ban, restart, and I can't see any reason why you shouldn't be able to login if it worked before (make sure that eth0 is up and has an IP address! I tend to forget "autoconnect" at installation time).