One of the first things I do on a new server is install fail2ban . I have written about it before, but that was back when I was still using CentOS 6. Now I am using CentOS 7 the installation has a few more steps.
Firstly, as EPEL is not enabled by standard on most CentOS 7 installations enable the repo and then install fail2ban.
Once installed you can run the following to setup a check and block for failed SSH logins (it bans for 24 hours after three login failures);
Now it’s time to start firewalld & fail2ban;
Before setting firewalld & fail2ban to start on boot now is probably the best time to make sure everything is working as expected. If it’s not you can add firewall rules using the following commands to, for example open http & https;
Even worse, if you get kicked off the server instance and can no longer connect you should probably reboot your server instance and add rules for ssh.
If everything is working then set the services to start on boot using;
Thats it, you can check what fail2ban is up to by typing;
or you can check for errors using journalctl ;
If everything has gone as planned you should see it start to see IP addresses being blocked;