master3395

fail2ban integration CyberPanel v 2.4.3

Jul 7th, 2025
**How to Install and Configure Fail2Ban on CyberPanel (AlmaLinux 8.10, CyberPanel 2.4.3)**

---

### ✅ Step 1: Install Fail2Ban

```bash
dnf install epel-release -y
dnf install fail2ban -y
```

### ✅ Step 2: Enable and Start firewalld (Required for Banning)

```bash
systemctl enable firewalld --now
firewall-cmd --state  # confirms firewalld is active
```

### ✅ Step 3: Enable and Start Fail2Ban

```bash
systemctl enable fail2ban --now
```

### ✅ Step 4: Create `jail.local` for SSHD

Edit or create the jail configuration file:

```bash
nano /etc/fail2ban/jail.local
```

Paste the following:

```ini
[DEFAULT]
banaction = firewallcmd-rich-rules
backend = systemd
ignoreip = 127.0.0.1/8 ::1
# findtime and bantime are in seconds
findtime = 600
bantime = 3600
maxretry = 5

[sshd]
enabled = true
port = ssh
filter = sshd
# With backend = systemd, sshd events are read from the journal and logpath is not used
logpath = /var/log/secure
# These values override [DEFAULT] for this jail
maxretry = 3
bantime = 600
findtime = 600
```

Save with `CTRL+X`, then `Y`, then `Enter`.
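
How the `[sshd]` values above interact, as an added example that is not part of the original paste: a simplified model (a plain "Failed password" match, not Fail2Ban's real `sshd` filter) that reports which addresses reach `maxretry` failures inside `findtime` seconds. The function names and log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example: simplified model of the [sshd] jail thresholds (maxretry / findtime).

# Constructed /var/log/secure lines (documentation addresses, all on one day).
sample_secure_log() {
    cat <<'EOF'
Jul  7 10:00:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul  7 10:00:05 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Jul  7 10:00:09 host sshd[2103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jul  7 10:01:00 host sshd[2110]: Failed password for root from 198.51.100.23 port 51000 ssh2
Jul  7 10:09:00 host sshd[2111]: Failed password for root from 198.51.100.23 port 51002 ssh2
Jul  7 10:12:30 host sshd[2112]: Failed password for root from 198.51.100.23 port 51004 ssh2
Jul  7 10:13:00 host sshd[2113]: Accepted publickey for deploy from 192.0.2.10 port 52000 ssh2
EOF
}

# Usage: would_ban MAXRETRY FINDTIME < logfile
# Prints "IP HH:MM:SS" when an address reaches MAXRETRY failures within FINDTIME seconds.
# Assumes all lines fall on one day; ban expiry (bantime) is not modelled.
would_ban() {
    awk -v maxretry="$1" -v findtime="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            split($3, t, ":")
            now = t[1] * 3600 + t[2] * 60 + t[3]
            # The user name is attacker-controlled, so take the last "from", not the first.
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "" || (ip in banned)) next
            times[ip, ++count[ip]] = now
            hits = 0
            for (k = count[ip]; k >= 1 && now - times[ip, k] < findtime; k--) hits++
            if (hits >= maxretry) { banned[ip] = 1; print ip, $3 }
        }'
}

# The jail values from jail.local: maxretry = 3, findtime = 600.
sample_secure_log | would_ban 3 600
```

The second address fails three times as well, but its first failure is more than 600 seconds before the third, so it never has three failures inside one window.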

### ✅ Step 5: Test the Configuration

Check the status of Fail2Ban:

```bash
systemctl status fail2ban
```

List enabled jails:

```bash
fail2ban-client status
```

Check SSHD jail details:

```bash
fail2ban-client status sshd
```

### ✅ Step 6: Test Banning Manually

```bash
# Ban a test address in the sshd jail
fail2ban-client set sshd banip 1.2.3.4
# A rich rule for that address should now be listed
firewall-cmd --list-rich-rules
```

---

### 🚨 Extra Tips: CyberPanel Integration

CyberPanel shows SSH attack logs visually, but you must rely on Fail2Ban to ban the IPs.

Verify the following:

* `/var/log/secure` contains SSH logs.
* The SSHD filter matches those logs:

```bash
fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf
```

---

## ✅ Import Previously Blocked IPs from CyberPanel Firewall to Fail2Ban

### Create the Import Script

```bash
nano /root/import-banned-ips.sh
```

Paste this:

```bash
#!/bin/bash

# Jail that receives the imported bans
JAIL="sshd"

# Addresses previously blocked in the CyberPanel firewall
IPS=(
125.91.106.241
92.118.39.87
116.103.227.168
92.118.39.62
89.110.87.132
220.80.197.180
86.54.25.130
80.94.95.112
80.94.95.15
123.58.213.127
213.139.72.208
20.54.64.50
36.108.171.28
202.39.251.216
116.193.190.8
114.96.87.140
118.122.147.195
154.83.15.132
220.205.122.62
203.66.14.161
103.215.80.141
147.50.227.79
35.210.61.208
61.188.205.76
101.47.72.59
150.241.246.148
92.55.83.15
98.66.154.229
193.151.149.140
43.139.232.36
62.210.97.97
78.159.98.70
209.38.23.83
181.2.151.236
211.219.22.213
103.48.84.147
177.220.176.63
122.156.167.62
107.148.176.145
191.220.115.223
193.32.162.157
144.48.240.124
116.98.175.44
116.105.214.33
43.156.115.5
14.225.220.107
92.205.21.23
120.48.162.75
45.148.10.240
50.84.211.204
120.28.197.159
172.245.11.43
69.49.247.178
103.82.240.194
221.229.218.50
207.167.66.226
218.51.148.194
14.103.161.184
103.59.94.155
45.116.77.25
103.215.81.209
92.118.39.92
185.93.89.118
192.227.247.40
27.119.7.6
103.189.235.176
158.51.124.56
41.58.186.130
147.50.103.212
14.103.243.87
124.44.117.106
103.56.115.23
190.111.211.81
202.157.176.210
64.235.33.145
4.154.223.182
195.178.110.125
111.180.199.183
185.155.62.232
14.103.118.106
45.159.221.129
101.89.182.189
186.96.166.237
14.63.196.175
111.173.104.178
14.103.90.30
92.118.39.71
124.164.237.56
103.120.227.88
119.246.15.94
119.28.86.241
14.103.170.169
47.81.8.111
139.150.83.88
27.254.235.13
172.208.24.217
39.109.104.252
1.202.223.2
103.187.147.35
123.253.162.254
)

# Ban each address in the jail through fail2ban-client
for ip in "${IPS[@]}"; do
    echo "banning $ip in jail $JAIL"
    fail2ban-client set "$JAIL" banip "$ip"
done
```

Make it executable:

```bash
chmod +x /root/import-banned-ips.sh
```

Run it:

```bash
/root/import-banned-ips.sh
```

### ✅ Verify Bans Were Imported

```bash
fail2ban-client status sshd
```

You should see something like:

```
|- Currently banned: 92
`- Banned IP list: 125.91.106.241 92.118.39.87 ...
```
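
Instead of pasting addresses by hand, the import list can be read from firewalld's own rich rules. This added example (not part of the original paste) keeps only plain single-host IPv4 `drop` rules and prints the ban commands unless `DRY_RUN=0`; the function names and sample rules are constructed, and it assumes the rule format printed by `firewall-cmd --list-rich-rules`.

```bash
#!/bin/bash
# Added example: build the import list from firewalld's rich rules.

# Constructed sample of `firewall-cmd --list-rich-rules` output (documentation addresses).
sample_rules() {
    cat <<'EOF'
rule family="ipv4" source address="203.0.113.7" drop
rule family="ipv4" source address="198.51.100.23" drop
rule family=ipv4 source address=192.0.2.99 drop
rule family="ipv4" source address="203.0.113.7" drop
rule family="ipv4" source address="198.51.100.0/24" drop
rule family="ipv4" source address="192.0.2.300" drop
rule family="ipv4" port port="8090" protocol="tcp" accept
rule family="ipv6" source address="2001:db8::1" drop
EOF
}

# Print each single-host IPv4 address that has a plain drop rule, once, in input order.
# Subnets, IPv6, port rules and malformed addresses are skipped, not guessed at.
extract_blocked_ips() {
    awk '{
        gsub(/"/, "")                      # firewalld quotes values; accept both forms
        if (NF != 5 || $1 != "rule" || $2 != "family=ipv4") next
        if ($3 != "source" || $5 != "drop") next
        if (sub(/^address=/, "", $4) != 1) next
        if ($4 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split($4, octet, ".")
        for (i = 1; i <= 4; i++)
            if (length(octet[i]) > 3 || octet[i] + 0 > 255) next
        if (!seen[$4]++) print $4
    }'
}

# Ban every address read from stdin in jail $1. Prints the commands unless DRY_RUN=0.
import_bans() {
    jail=$1
    while IFS= read -r ip; do
        if [ "${DRY_RUN:-1}" = 0 ]; then
            fail2ban-client set "$jail" banip "$ip"
        else
            printf 'fail2ban-client set %s banip %s\n' "$jail" "$ip"
        fi
    done
}

# Dry run on the sample. On a server:
#   firewall-cmd --list-rich-rules | extract_blocked_ips | DRY_RUN=0 import_bans sshd
sample_rules | extract_blocked_ips | import_bans sshd
```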

### ♻ Optional: Clean Up Old Manual Rules from firewalld

Bans added with `banip` expire after the jail's `bantime` (600 seconds in the `[sshd]` jail above), so after the permanent firewalld rules are removed these addresses stay blocked only until that ban runs out, unless they trigger the jail again.

```bash
# IPS must be set in this shell to the same array as in /root/import-banned-ips.sh,
# for example by appending this loop to the end of that script.
for ip in "${IPS[@]}"; do
    firewall-cmd --permanent --remove-rich-rule="rule family=ipv4 source address=$ip drop"
done
firewall-cmd --reload
```

---

## ✅ Final Checklist: Ensure Auto-Banning is Working

1. **Fail2Ban is Running**

```bash
systemctl status fail2ban
```

Should say `active (running)`.

2. **SSHD Jail is Enabled**

```bash
fail2ban-client status
```

You should see `sshd` listed.

3. **Correct Log Path**

Make sure you're using:

```ini
logpath = /var/log/secure
```

4. **Valid Ban Action**

```ini
banaction = firewallcmd-rich-rules
```

Or:

```ini
banaction = firewallcmd-ipset
```

5. **Filter Is Matching**

Run:

```bash
fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf
```

This should show matched log lines.

Once all of the above is set, new attackers are automatically detected and banned by Fail2Ban with no manual work required!