How to Install Fail2ban under AlmaLinux 9?

yum install epel-release
——————————
dnf install fail2ban

Installed:
esmtp-1.2-19.el9.x86_64 fail2ban-1.0.2-12.el9.noarch
fail2ban-firewalld-1.0.2-12.el9.noarch fail2ban-selinux-1.0.2-12.el9.noarch
fail2ban-sendmail-1.0.2-12.el9.noarch fail2ban-server-1.0.2-12.el9.noarch
libesmtp-1.0.6-24.el9.x86_64 liblockfile-1.14-10.el9.0.1.x86_64

Complete!

——————————
fail2ban-client start

Server ready

——————————
Check whether fail2ban is running:
pstree | grep fail2ban

|-fail2ban-server---2*[{fail2ban-server}]

Another way to check whether fail2ban is running:

fail2ban-client ping

Server replied: pong
——————————
After changing any fail2ban configuration, reload fail2ban:
fail2ban-client reload

fail2ban-client restart

fail2ban-client stop

——————————
Make fail2ban start automatically when the system boots or reboots:

systemctl enable fail2ban

Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /usr/lib/systemd/system/fail2ban.service.

——————————

systemctl status fail2ban

○ fail2ban.service - Fail2Ban Service
Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; enabled; preset: disabled)
Active: inactive (dead)
Docs: man:fail2ban(1)

——————————

fail2ban-client status

Status
|- Number of jail: 0
`- Jail list:

——————————
fail2ban-client status sshd

fail2ban-client unban 192.168.2.102
fail2ban-client unban --all

iptables -L -n

init 6 = reboot

===========================================

 

/etc/fail2ban/filter.d/nginx-4xx.conf

[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$
ignoreregex =

 

/etc/fail2ban/jail.local

Add the following at the end of jail.local:

 

[nginx-4xx]
enabled = true
port = http,https
filter = nginx-4xx
logpath = /home/wwwlogs/access.log
action = iptables-multiport[name=404, port="http,https", protocol=tcp]
bantime = 1800
findtime = 30
maxretry = 5

===========================================

/etc/fail2ban/jail.d/sshd.local

[sshd]
enabled = true

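# Override the default global configuration
# for specific jail sshd
# sshd does not write to the nginx access log, so the sshd filter is
# pointed at fail2ban's own default sshd log setting instead
logpath = %(sshd_log)s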
bantime = 1d
maxretry = 1

===========================================

/etc/fail2ban/filter.d/nginx-cc.conf

[Definition]
failregex = <HOST> -.*- .*HTTP/1.* .* .*$
ignoreregex =

 

/etc/fail2ban/jail.d/nginx-cc.local

[nginx-cc]
enabled = true
port = http,https
filter = nginx-cc
action = %(action_mwl)s
maxretry = 200
findtime = 10
bantime = 86400
logpath = /home/wwwlogs/access.log

 

===========================================

How to Ignore Google Bots on Fail2Ban?

cd /usr/local/bin

touch ignore_ip_check.sh && chmod +x ./ignore_ip_check.sh

Edit the file and add the following contents:

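#!/bin/bash
# fail2ban passes the offending IP as $1; exit 0 = ignore it, exit 1 = ban as usual
IP="$1"
# Reverse (PTR) lookup with a 1-second timeout
HOSTRESULT="$(host -W 1 "${IP}")"
REGEX='.*(googlebot\.com\.|google\.com\.)'
if [[ "$HOSTRESULT" =~ $REGEX ]]; then exit 0; else exit 1; fi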

 

Update jail.local
Now, in /etc/fail2ban, edit the jail.local file.

There is a section for ignorecommand =

This will need to be updated as follows:

ignorecommand = /usr/local/bin/ignore_ip_check.sh <ip>
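
The script above trusts whatever name the reverse (PTR) lookup returns, and PTR records are set by whoever controls the address's reverse zone, so a name ending in googlebot.com is not proof that the IP belongs to Google. The following added example (not part of the original notes; the function names are assumptions chosen here) forward-confirms the name before exempting the IP, and matches whole domain suffixes only:

```shell
#!/bin/bash
# Added example: forward-confirmed reverse DNS for fail2ban's ignorecommand.
# Exit 0 = do not ban this IP, exit 1 = handle it normally.
set -f   # PTR data is remote-controlled: never glob-expand it

# Thin wrappers around host(1); kept separate so they can be stubbed.
ptr_names() {   # IP -> PTR hostnames, one per line
    host -W 1 "$1" 2>/dev/null |
        sed -n 's/.* domain name pointer \(.*\)$/\1/p'
}
addrs_of() {    # hostname -> A/AAAA addresses, one per line
    host -W 1 "$1" 2>/dev/null |
        sed -n 's/.* has \(IPv6 \)\{0,1\}address \(.*\)$/\2/p'
}

# Match whole domain suffixes only, so "evilgoogle.com." does not pass.
is_google_name() {
    case "$1" in
        *.googlebot.com.|*.google.com.) return 0 ;;
        *) return 1 ;;
    esac
}

is_verified_googlebot() {
    ip=$1
    for name in $(ptr_names "$ip"); do
        is_google_name "$name" || continue
        # Forward-confirm: the claimed name must resolve back to this IP.
        # Plain string comparison, so IPv6 must use the same textual form.
        for addr in $(addrs_of "$name"); do
            if [ "$addr" = "$ip" ]; then return 0; fi
        done
    done
    return 1
}

# fail2ban substitutes <ip>; with no argument the file only defines functions.
if [ "$#" -ge 1 ]; then
    is_verified_googlebot "$1"
    exit $?
fi
```

Saved as /usr/local/bin/ignore_ip_check.sh, it works with the ignorecommand line above unchanged.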

 

===========================================