Fail2Ban is an important utility on the modern Internet for stopping “port probe” and other repeat intrusion/login attempts on your Internet services. The following describes how to install and initially configure it to monitor & block repeated login failures on the SSH service.
It isn’t in the standard CentOS 7 Repositories, but is easily installed and configured with the following commands and settings done as the root user:
a) The Fail2Ban package is in the EPEL-Release repository which is activated with the command:
yum install epel-release
b) Once the EPEL repository is available for use, Fail2Ban is installed with:
yum install fail2ban
(type ‘y’ to confirm the EPEL key, etc.)
c) Fail2Ban is enabled to start at boot with the command:
systemctl enable fail2ban
A quick SSH-based default configuration for Fail2Ban is achieved by putting the following lines in a newly created file, /etc/fail2ban/jail.local:
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
[sshd]
enabled = true
The above configures Fail2Ban to block repeat offenders for 1 hour, using the IPTables firewalling capabilities on the SSH port of 22.
After saving the above to the jail.local file, restart the fail2ban service with:
systemctl restart fail2ban
You can check on fail2ban’s operations with the command:
fail2ban-client status
FYI,
Richard.
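The jail.local above sets bantime and banaction under [DEFAULT] and only enabled under [sshd], so the sshd jail inherits the other two. The following shell check is an added example, not part of the original post: it resolves the effective values for a jail from a single file before the service is restarted. The helper names jail_setting and check_jail are hypothetical, and the sketch assumes plain key = value lines, reads only the one file (not fail2ban's full merge of jail.conf and jail.d), and treats a jail with no enabled entry as disabled.

```sh
# Added example: offline check of a jail.local before restarting fail2ban.
# jail_setting and check_jail are hypothetical helper names, not fail2ban tools.

# Print the effective value of KEY for JAIL: the jail's own entry wins,
# otherwise the [DEFAULT] entry applies. Exit status 1 if neither sets it.
jail_setting() {
    awk -v jail="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/ {                                # section header
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            section = s; next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k != key) next
            if (section == jail) { own = v; has_own = 1 }
            else if (section == "DEFAULT") { def = v; has_def = 1 }
        }
        END {
            if (has_own) print own
            else if (has_def) print def
            else exit 1
        }' "$1"
}

# Summarise one jail from the file alone; succeeds only if it is enabled.
check_jail() {
    enabled=$(jail_setting "$1" "$2" enabled) || enabled=false
    bantime=$(jail_setting "$1" "$2" bantime) || bantime=unset
    action=$(jail_setting "$1" "$2" banaction) || action=unset
    echo "jail=$2 enabled=$enabled bantime=$bantime banaction=$action"
    [ "$enabled" = "true" ]
}

# Constructed sample: a copy of the jail.local shown above, in a temp file.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600
banaction = iptables-multiport
[sshd]
enabled = true
EOF
check_jail "$tmp" sshd
rm -f "$tmp"
```

Once the service is running, fail2ban-client get sshd bantime reports the value the server actually loaded.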