Install Fail2Ban on RHEL 9
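Fail2Ban monitors log files and temporarily bans IP addresses that match malicious patterns, such as repeated failed logins. It slows brute-force attempts; it does not replace strong authentication (for example SSH keys).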
Step 1 – Install
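# Run as root. fail2ban is not in the RHEL 9 base repositories; it is packaged
# in EPEL, which expects CodeReady Builder to be enabled first.
subscription-manager repos --enable "codeready-builder-for-rhel-9-$(arch)-rpms"
# Enable EPEL itself (skip if the host already has it).
# -y also auto-accepts the repository signing key on first use; drop -y if the
# key fingerprint should be reviewed by hand.
dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
dnf install -y fail2ban
# Start the service now and on every boot.
systemctl enable --now fail2ban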
Step 2 – Configure (/etc/fail2ban/jail.local)
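Always edit jail.local, not jail.conf: package updates can overwrite jail.conf, while settings in jail.local override it and survive upgrades.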
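[DEFAULT]
# Comments are kept on their own lines: fail2ban only treats " ;" as an inline
# comment marker, so a trailing "# ..." would be read as part of the value
# (e.g. bantime would become "3600 # ban for 1 hour" and fail to parse).

# Ban duration in seconds (1 hour).
bantime = 3600
# Window in seconds (10 minutes) over which failures are counted.
findtime = 600
# Number of failures inside findtime that triggers a ban.
maxretry = 5
# Action used to apply the ban. iptables-multiport needs the iptables command;
# where firewalld manages the firewall (the RHEL 9 default), use one of the
# firewallcmd-* actions instead, e.g. firewallcmd-rich-rules.
# NOTE(review): a banaction set here presumably overrides the one shipped in
# the fail2ban-firewalld jail.d snippet - confirm that is intended.
banaction = iptables-multiport
# Addresses and networks that are never banned. Exempting a whole LAN means a
# compromised internal host can keep guessing without being blocked; narrow
# this to the specific admin hosts that need it.
ignoreip = 127.0.0.1/8 192.168.1.0/24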
# SSH jail: overrides the [DEFAULT] thresholds with stricter values.
[sshd]
enabled = true
# Ports covered by the ban; 2222 only matters if sshd also listens there.
port = ssh,2222
# sshd_log and sshd_backend are interpolated from definitions outside this
# file (presumably the distribution paths file pulled in by jail.conf - confirm).
logpath = %(sshd_log)s
backend = %(sshd_backend)s
# Ban after 3 failures instead of 5 ...
maxretry = 3
# ... and for 86400 seconds (24 hours) instead of 1 hour.
bantime = 86400
# Only "enabled" is set here, so filter, port and log path for these jails
# come from definitions outside this file (the packaged jail.conf, presumably).
# NOTE(review): enable these only on hosts where nginx is installed and
# logging; a jail whose log file is missing may keep fail2ban from starting -
# confirm on the target host.
[nginx-http-auth]
enabled = true
[nginx-botsearch]
enabled = true
Step 3 – Reload and test
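# Check the configuration first, so a typo in jail.local is reported here
# rather than surfacing as a failed reload.
fail2ban-client -t

# Reload through whichever service manager the host uses. stderr is left
# visible: discarding it would hide the reason a reload failed, and falling
# through to rc-service on a systemd host only produces a misleading
# "command not found".
if command -v systemctl >/dev/null 2>&1; then
  systemctl reload fail2ban
else
  rc-service fail2ban reload
fi

# Confirm the server is up and list the active jails, then show the sshd
# jail's counters and currently banned addresses.
fail2ban-client status
fail2ban-client status sshd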
Step 4 – Manually ban/unban
# 1.2.3.4 is a placeholder; substitute the address to act on.
jail=sshd
addr=1.2.3.4

# Add the address to the jail's ban list by hand.
fail2ban-client set "$jail" banip "$addr"
# Lift the ban again, e.g. after locking out a legitimate user.
fail2ban-client set "$jail" unbanip "$addr"