SO, to re-cap…
Switch all services to non-standard ports.
Only use keys to login to SSH (and disable password access).
Remove firewalld and fail2ban and install the far superior csf+lfd combo.
You’re done.
People! Listen to sonoracomm! After a few minutes with the csf documentation you will have a firewall that not only automatically bans anyone messing with your server (port scans, floods, failed logins, etc.), but can even ban (at the firewall level) clients which are messing with your server at the application level by watching your ModSecurity’s log output. Real nifty.
This idiot was trying to mess with my Wordpress install this morning. I say idiot (or perhaps bot), because I don’t have Wordpress installed! I have csf setup to ban (for an hour) anyone who tries five or more dodgy “attacks”.
Time: Thu Apr 29 06:51:10 2021 +0100
IP: 80.194.*.* (GB/United Kingdom/host-80-194-*-*.static.cable.virginmedia.com)
Failures: 5 (mod_security)
Interval: 3600 seconds
Blocked: Temporary Block for 3600 seconds [LF_MODSEC]
Log entries:
<snipped>
Anyone who hasn’t at least looked into CSF is doing themselves a disservice.
(note: I added the asterisks, you of course see the full IP address in your emails)