In this article, we will delve into the detailed process of configuring the firewall on CentOS 7 to automatically block IP addresses that repeatedly fail SSH authentication attempts. This method will enhance system security by preventing potential attackers from making unauthorized access attempts.
Prerequisites
Before getting started, ensure that:
- You have CentOS 7 installed.
- You have superuser privileges or access via sudo.
Step 1: Installing Fail2Ban
Fail2Ban is a tool that monitors system logs (e.g., /var/log/secure) and blocks IP addresses based on defined rules for repeated authentication failures.
- First, update system packages using the command:
sudo yum update
- Install Fail2Ban:
sudo yum install epel-release
sudo yum install fail2ban
- After installing Fail2Ban, start and enable the service to run on system startup:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
Step 2: Configuring Fail2Ban
Fail2Ban allows you to modify its behavior using configuration files in /etc/fail2ban. For safer modifications, it's recommended to create a copy of the jail.conf file as jail.local.
- Copy the configuration file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- Open the jail.local file in a text editor:
sudo nano /etc/fail2ban/jail.local
- Set basic directives in the [DEFAULT] section as needed, such as ban time and number of retries.
Step 3: Configuring SSH Rule
In the jail.local file, you need to set a rule for SSH, typically in the [sshd] section.
- Ensure that the [sshd] section contains the following configuration:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/secure
maxretry = 5
bantime = 600
This configuration enables protection for SSH, sets the maximum retries to 5, and bans IPs for 600 seconds.
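To see which addresses in a log would reach the maxretry = 5 threshold set in the [sshd] section, the following shell function counts failed password lines per source IP. It is an added example, not part of the original article or of Fail2Ban itself; the log line format, the function names ips_over_maxretry and sample_log, and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: approximates what the [sshd] jail counts, for sanity checks only.
# Assumption: failures are logged as "Failed password for ... from <IP> port ..."
# lines, the usual sshd format in /var/log/secure. Fail2Ban's own sshd filter
# matches more patterns and applies a time window, which this sketch ignores.

MAXRETRY=5   # same value as maxretry in the [sshd] section

# Print "<ip> <failures>" for every source IP with at least $2 failures
# (default: MAXRETRY). $1 is the log file to read; "-" means stdin.
ips_over_maxretry() {
    awk -v max="${2:-$MAXRETRY}" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is supplied by the client and may itself contain
            # the word "from", so take the address after the LAST "from".
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END {
            for (ip in count)
                if (count[ip] >= max) print ip, count[ip]
        }
    ' "$1" | sort
}

# Constructed sample lines (documentation address ranges), not from a real host.
sample_log() {
    i=1
    while [ "$i" -le 5 ]; do
        echo "Mar  3 10:00:0$i host sshd[210$i]: Failed password for root from 203.0.113.7 port 5000$i ssh2"
        i=$((i + 1))
    done
    echo "Mar  3 10:01:00 host sshd[2201]: Failed password for invalid user admin from 198.51.100.9 port 40022 ssh2"
    echo "Mar  3 10:01:05 host sshd[2202]: Failed password for invalid user test from 198.51.100.9 port 40023 ssh2"
    echo "Mar  3 10:02:00 host sshd[2203]: Accepted password for alice from 192.0.2.10 port 40100 ssh2"
}

# Run against the sample; on a real system pass /var/log/secure instead of "-".
sample_log | ips_over_maxretry -
```

On a live host, run it as root against /var/log/secure and compare the result with the banned list reported by sudo fail2ban-client status sshd.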
Step 4: Applying Changes and Testing
After configuring Fail2Ban, you need to restart the service for the changes to take effect.
- Restart the Fail2Ban service:
sudo systemctl restart fail2ban
- You can check the status of blocked IP addresses using:
sudo fail2ban-client status sshd
By following this method, you have successfully configured the firewall on CentOS 7 to automatically block IP addresses that repeatedly fail SSH authentication. Using Fail2Ban will enhance the security of your system against unauthorized access attempts.