Use fail2ban to protect your RHEL servers from ssh brute-forcers

Install fail2ban

$ sudo yum -y install epel-release
$ sudo yum -y install fail2ban
$ sudo systemctl enable --now fail2ban.service

Edit the config file to set the jail

$ sudo vim /etc/fail2ban/jail.local

Here is a sample config that bans ssh brute force hosts for 1 hour.

[DEFAULT]
bantime = 3600
banaction = iptables-multiport

[sshd]
enabled = true

You can also define findtime and maxretry in the config.

Reload the service

$ sudo systemctl restart fail2ban.service

Query the jail

You can query the ban list by doing:

$ sudo fail2ban-client status sshd