Fail2Ban on CentOS 7
One of the first things I do on a new server is install fail2ban. I have written about it before, but that was back when I was still using CentOS 6. Now I am using CentOS 7 the installation has a few more steps.
Firstly, as EPEL is not enabled by standard on most CentOS 7 installations enable the repo and then install fail2ban.
yum install -y epel-release && yum install -y fail2banOnce installed you can run the following to setup a check and block for failed SSH logins (it bans for 24 hours after three login failures);
cat >> /etc/fail2ban/jail.local << FAIL2BAN_CONFIG [sshd] enabled = true maxretry = 3 bantime = 86400 FAIL2BAN_CONFIGNow it’s time to start firewalld & fail2ban;
systemctl start firewalld && systemctl start fail2banBefore setting firewalld & fail2ban to start on boot now is probably the best time to make sure everything is working as expected. If it’s not you can add firewall rules using the following commands to, for example open http & https;
[root@server ~]# firewall-cmd — list-services dhcpv6-client ssh [root@server ~]# firewall-cmd — permanent — zone=public — add-service=http success [root@server ~]# firewall-cmd — permanent — zone=public — add-service=https success [root@server ~]# systemctl restart firewalld [root@server ~]# firewall-cmd — list-services dhcpv6-client http https ssh [root@server ~]#Even worse, if you get kicked off the server instance and can no longer connect you should probably reboot your server instance and add rules for ssh.
If everything is working then set the services to start on boot using;
systemctl enable firewalld systemctl enable fail2banThats it, you can check what fail2ban is up to by typing;
fail2ban-client status sshdor you can check for errors using journalctl;
journalctl -lfu fail2banIf everything has gone as planned you should see it start to see IP addresses being blocked;
[root@server ~]# fail2ban-client status sshd Status for the jail: sshd |- Filter | |- Currently failed: 0 | |- Total failed: 261 | `- File list: /var/log/secure `- Actions |- Currently banned: 2 |- Total banned: 2 `- Banned IP list: 218.65.30.107 43.255.191.142 [root@server ~]#Related Posts
Falco by sysdig
Discover Falco by Sysdig, a powerful behavioral security service monitoring system calls.
Update the Kernel on a Digital Ocean droplet
Upgrade your Digital Ocean droplet's kernel effortlessly. Discover the steps to ensure smooth kernel updates for enhanced security and performance.
Digital Ocean Bootstrap
Get your CentOS 7 DigitalOcean droplet up and running in no time! Learn how to perform essential tasks for a smooth deployment.