One of the first things I do on a new server is install fail2ban. I have written about it before, but that was back when I was still using CentOS 6. Now that I am using CentOS 7, the installation has a few more steps.

Firstly, as EPEL is not enabled by default on most CentOS 7 installations, enable the repo and then install fail2ban.

Fail2Ban on CentOS 7 1/8
yum install -y epel-release && yum install -y fail2ban

Once installed, you can run the following to set up a check and block for failed SSH logins (it bans for 24 hours after three login failures):

Fail2Ban on CentOS 7 2/8
cat >> /etc/fail2ban/jail.local << FAIL2BAN_CONFIG
[sshd]
enabled = true
maxretry = 3
bantime = 86400
FAIL2BAN_CONFIG

Now it’s time to start firewalld & fail2ban:

Fail2Ban on CentOS 7 3/8
systemctl start firewalld && systemctl start fail2ban

Before setting firewalld & fail2ban to start on boot, now is probably the best time to make sure everything is working as expected. If it’s not, you can add firewall rules using the following commands to, for example, open http & https:

Fail2Ban on CentOS 7 4/8
[root@server ~]# firewall-cmd --list-services
dhcpv6-client ssh
[root@server ~]# firewall-cmd --permanent --zone=public --add-service=http
success
[root@server ~]# firewall-cmd --permanent --zone=public --add-service=https
success
[root@server ~]# systemctl restart firewalld
[root@server ~]# firewall-cmd --list-services
dhcpv6-client http https ssh
[root@server ~]#

Even worse, if you get kicked off the server instance and can no longer connect, you should probably reboot your server instance and add rules for ssh.

If everything is working, then set the services to start on boot using:

Fail2Ban on CentOS 7 5/8
systemctl enable firewalld
systemctl enable fail2ban

That's it. You can check what fail2ban is up to by typing:

Fail2Ban on CentOS 7 6/8
fail2ban-client status sshd

or you can check for errors using journalctl:

Fail2Ban on CentOS 7 7/8
journalctl -lfu fail2ban

If everything has gone as planned, you should start to see IP addresses being blocked:

Fail2Ban on CentOS 7 8/8
[root@server ~]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     261
|  `- File list:        /var/log/secure
`- Actions
   |- Currently banned: 2
   |- Total banned:     2
   `- Banned IP list:   218.65.30.107 43.255.191.142
[root@server ~]#
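
The status output is easy to check from a script, for example to confirm that your own admin address is not in the banned list before you log out. The following is an added example, not part of the original post: the function names are hypothetical, and the sample output is constructed with documentation-range addresses.

```shell
#!/bin/sh
# Constructed sample of `fail2ban-client status sshd` output. The addresses
# are documentation-range placeholders, not the ones shown in the post.
sample_status() {
cat <<'EOF'
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     261
|  `- File list:        /var/log/secure
`- Actions
   |- Currently banned: 2
   |- Total banned:     2
   `- Banned IP list:   192.0.2.10 198.51.100.7
EOF
}

# Print the value of one field (for example "Total failed") from status
# text on stdin. The tree-drawing prefix (|, `, -, spaces) is stripped first,
# and only the first ":" is treated as the separator so IPv6 values survive.
f2b_field() {
  awk -v key="$1" '
    { line = $0; sub(/^[ |`-]+/, "", line) }
    index(line, key ":") == 1 {
      sub(/^[^:]*:[ \t]*/, "", line)
      print line
      exit
    }'
}

# Succeed only if the address in $1 is in the banned list. Whole-token
# matching keeps 192.0.2.1 from matching 192.0.2.10.
f2b_is_banned() {
  f2b_field 'Banned IP list' | tr -s ' \t' '\n\n' | grep -Fxq -- "$1"
}

# Succeed if "Currently banned" agrees with the number of listed addresses.
f2b_counts_agree() {
  status=$(cat)
  want=$(printf '%s\n' "$status" | f2b_field 'Currently banned')
  got=$(printf '%s\n' "$status" | f2b_field 'Banned IP list' | wc -w | tr -d ' ')
  [ "$want" = "$got" ]
}

# Demo on the sample; on a server pipe in `fail2ban-client status sshd`.
sample_status | f2b_is_banned 192.0.2.1 || echo "192.0.2.1 is not banned"
```

On a live server, replace `sample_status` with `fail2ban-client status sshd` and pass the address you connect from.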