Install Fail2Ban and configure some default settings:
sudo yum update
sudo yum install epel-release
sudo yum install fail2ban
sudo nano /etc/fail2ban/jail.local
A typical template for jail.local looks like this:
[DEFAULT]
bantime = 43200
findtime = 600
maxretry = 3
banaction = iptables-multiport
backend = systemd
[sshd]
enabled = true
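# ignoreip: space-separated list of IP addresses or CIDR ranges that you do not wish to ban
# (loopback shown here as an example; add your own trusted addresses)
ignoreip = 127.0.0.1/8 ::1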
bantime (seconds) – typical values are:
3600 (1 hour); 10800 (3 hours); 21600 (6 hours)
43200 (12 hours); 86400 (24 hours)
maxretry is the number of failures before a host is banned. Default value is 3.
findtime (seconds) and maxretry work together: a host is banned when it reaches maxretry failed attempts within findtime seconds. The default value of findtime is 600, which means that when fail2ban counts 3 failed attempts within the last 10 minutes, it bans the offending IP address.
Good values are:
findtime: 300 or 600 (300 seconds = 5 minutes, 600 = 10 minutes)
maxretry: 3
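The interaction of findtime, maxretry, bantime and ignoreip can be checked on paper with a small simulation. This is an added example, not Fail2Ban's own code: it is a simplified model of one jail, and the function name, the event format and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque


def simulate(events, findtime=600, maxretry=3, bantime=43200, ignoreip=()):
    """Simplified model of one jail (not Fail2Ban's implementation).

    events: time-ordered list of (seconds, ip) failed logins.
    Returns a list of (ip, banned_at, unbanned_at).
    """
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned_until = {}            # ip -> time at which the ban expires
    bans = []
    for ts, ip in events:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in ignored):
            continue             # ignoreip: never counted, never banned
        if banned_until.get(ip, 0) > ts:
            continue             # still banned: the firewall drops the attempt
        window = recent[ip]
        window.append(ts)
        # Forget failures that are findtime seconds old or older.
        while window and window[0] <= ts - findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()
    return bans


# Constructed sample input: seconds since an arbitrary start time.
SAMPLE = [
    (0, "203.0.113.5"), (10, "198.51.100.7"),
    (20, "192.0.2.10"), (30, "192.0.2.10"), (40, "192.0.2.10"),
    (100, "203.0.113.5"),
    (200, "203.0.113.5"),   # third failure within 600 s: banned here
    (250, "203.0.113.5"),   # arrives during the ban, not counted
    (400, "198.51.100.7"),
    (900, "198.51.100.7"),  # third failure, but the first is older than findtime
]

if __name__ == "__main__":
    for ban in simulate(SAMPLE, ignoreip=("192.0.2.0/24",)):
        print(ban)
```

With the template's values, 198.51.100.7 is never banned because its three failures are spread over more than findtime seconds; raising findtime to 900 catches it.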
Enable Fail2Ban at reboot, start the service, and check status:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
sudo systemctl status fail2ban
sudo fail2ban-client status
sudo fail2ban-client status sshd