fail2ban on CentOS 7 for ssh access

Basic installation and configuration of fail2ban on CentOS 7 (RHEL7) for ssh access.
(Changing some of the default values)

  • Add EPEL repositories
    rpm -i epel-release-7-1.noarch.rpm
  • Install packages
    yum install fail2ban-firewalld fail2ban-systemd
  • create /etc/fail2ban/jail.local
    findtime  = 5000
    enabled = true
  • Create /etc/fail2ban/action.d/firewallcmd-ipset.local
    bantime = 10000
  • Enable and start fail2ban:
    systemctl enable fail2ban
    systemctl start fail2ban
  • Check if selinux isn't blocking fail2ban from accessing the logs
    tail /var/log/audit/audit.log

    If you see any avc denied messages, be sure to add a custom module for fail2ban.