Before we begin, let's update the system to ensure that we have the latest packages:
sudo yum update -y
Next, install fail2ban using the following command:
sudo yum install fail2ban -y
Once installed, start fail2ban and enable it to run on system boot:
sudo systemctl start fail2ban sudo systemctl enable fail2ban
Start by installing Firewalld:
sudo yum install firewalld -y
Start the Firewalld service and set it to start on boot:
sudo systemctl start firewalld sudo systemctl enable firewalld
Now, add rules for the desired ports, for example, SSH port 22:
sudo firewall-cmd --permanent --add-port=22/tcp sudo firewall-cmd --reload
Begin by editing the jail.local file:
sudo vi /etc/fail2ban/jail.local
Add the following content to the file:
[ssh] enabled = true port = 22 filter = sshd logpath = /var/log/secure maxretry = 3 action = firewallcmd-ipset
Create the firewallcmd-ipset action file:
sudo vi /etc/fail2ban/action.d/firewallcmd-ipset.conf
Open the file and add the necessary configuration:
[Actions] Options used by actions default = 0.0.0.0/0 bantime = 3600 maxretry = 3 ignoreip = 127.0.0.1/8 banip = 0.0.0.0/0 findtime = 600
Finally, restart the fail2ban service to apply the new configurations:
sudo systemctl restart fail2ban
By following these steps, you have successfully installed and configured fail2ban and Firewalld on CentOS 7, providing enhanced protection against brute force and CC attacks.
Q: How can I check the banned IP addresses?
A: You can use the following command to view the banned IP addresses:
sudo fail2ban-client status ssh
Q: How can I unban a specific IP address?
A: To unban a specific IP address, use the following command (replace <IP>
with the actual IP address):
sudo firewall-cmd --permanent --zone=public --remove-source=<IP>/32 sudo firewall-cmd --reload
We encourage you to leave any questions, feedback, or suggestions in the comments section. Thank you for reading and stay tuned for more insightful content!