One of the first things I do on a new server is install fail2ban. I have written about it before, but that was back when I was still using CentOS 6. Now I am using CentOS 7 the installation has a few more steps.
Firstly, as EPEL is not enabled by standard on most CentOS 7 installations enable the repo and then install fail2ban.
yum install -y epel-release && yum install -y fail2ban
Once installed you can run the following to setup a check and block for failed SSH logins (it bans for 24 hours after three login failures);
cat >> /etc/fail2ban/jail.local << FAIL2BAN_CONFIG [sshd] enabled = true maxretry = 3 bantime = 86400 FAIL2BAN_CONFIG
Now it’s time to start firewalld & fail2ban;
systemctl start firewalld && systemctl start fail2ban
Before setting firewalld & fail2ban to start on boot now is probably the best time to make sure everything is working as expected. If it’s not you can add firewall rules using the following commands to, for example open http & https;
[[email protected] ~]# firewall-cmd — list-services dhcpv6-client ssh [[email protected] ~]# firewall-cmd — permanent — zone=public — add-service=http success [[email protected] ~]# firewall-cmd — permanent — zone=public — add-service=https success [[email protected] ~]# systemctl restart firewalld [[email protected] ~]# firewall-cmd — list-services dhcpv6-client http https ssh [[email protected] ~]#
Even worse, if you get kicked off the server instance and can no longer connect you should probably reboot your server instance and add rules for ssh.
If everything is working then set the services to start on boot using;
systemctl enable firewalld systemctl enable fail2ban
Thats it, you can check what fail2ban is up to by typing;
fail2ban-client status sshd
or you can check for errors using journalctl;
journalctl -lfu fail2ban
If everything has gone as planned you should see it start to see IP addresses being blocked;