{"id":64344,"date":"2024-08-04T03:01:00","date_gmt":"2024-08-03T17:01:00","guid":{"rendered":"https:\/\/65.254.95.247\/ITblog\/?p=64344"},"modified":"2024-08-04T11:18:56","modified_gmt":"2024-08-04T01:18:56","slug":"almalinux-ssh-access-fail2ban-and-firewall-protection-tutorial","status":"publish","type":"post","link":"https:\/\/www.rjmprogramming.com.au\/ITblog\/almalinux-ssh-access-fail2ban-and-firewall-protection-tutorial\/","title":{"rendered":"AlmaLinux SSH Access Fail2ban and Firewall Protection Tutorial"},"content":{"rendered":"<div style=\"width: 230px\" class=\"wp-caption alignnone\"><a target=\"_blank\" href=\"http:\/\/www.rjmprogramming.com.au\/Apache\/almalinux_ssh_brute_force_login_attempt_attack_fail2ban_and_firewall_protection.m4v\" rel=\"noopener\"><img decoding=\"async\" style=\"border: 15px solid pink;\" alt=\"AlmaLinux SSH Access Fail2ban and Firewall Protection Tutorial\" src=\"http:\/\/www.rjmprogramming.com.au\/Apache\/ssh_info-91.jpg\" title=\"AlmaLinux SSH Access Fail2ban and Firewall Protection Tutorial\"  style=\"float:left;\" \/><\/a><p class=\"wp-caption-text\">AlmaLinux SSH Access Fail2ban and Firewall Protection Tutorial<\/p><\/div>\n<p>For us, we just want to get on with the programming.  But what if something is welling up, that might stop you &#8220;getting on&#8221;?<\/p>\n<p>We saw this on our &#8220;soon to be&#8221; dedicated virtual AlmaLinux Apache\/PHP\/MySql web server, for RJM Programming, where we use <a target=\"_blank\" title='Secure Shell information from Wikipedia, thanks' href='https:\/\/en.wikipedia.org\/wiki\/Secure_Shell' rel=\"noopener\">SSH<\/a> (Secure Shell) to access and get to a command line environment on that AlmaLinux web server via (no secret anymore) &#8230;<\/p>\n<p><code><br \/>\nssh -p 22 root@65.254.95.247<br \/>\n<\/code><\/p>\n<p>But what is a secret is the ensuing password needed to log in.  
Worrying us, though, lately, was dialog <font color=blue>such as<\/font> &#8230;<\/p>\n<blockquote><p>\nuser@MacBook-Air htdocs % ssh -p 22 root@65.254.95.247<br \/>\nroot@65.254.95.247&#8217;s password:<br \/>\n<font color=blue>Last failed login: Fri Aug  2 20:49:45 EDT 2024 from 180.184.139.166 on ssh:notty<br \/>\nThere were 157 failed login attempts since the last successful login.<\/font><br \/>\nLast login: Fri Aug  2 19:20:56 2024 from 60.227.219.39<br \/>\n[root@65-254-95-247 ~]# exit<br \/>\nlogout\n<\/p><\/blockquote>\n<p> &#8230; &#8220;greeting&#8221; us as we logged in.  We dislike the advice online to configure SSH access away from port 22 (though we&#8217;re sure it could help some), so?  If you&#8217;re into security you will know the term <a target=\"_blank\" title='SSH Brute Force Attack information, thanks' href='https:\/\/helpcenter.trendmicro.com\/en-us\/article\/tmka-19689' rel=\"noopener\">&#8220;SSH Brute Force Attack&#8221;<\/a> &#8230;<\/p>\n<blockquote cite='https:\/\/helpcenter.trendmicro.com\/en-us\/article\/tmka-19689'><p>\nAn SSH brute force attack is a hacking technique that involves repeatedly trying different username and password combinations until the attacker gains access to the remote server.\n<\/p><\/blockquote>\n<p>Well, yes, our password is good, but if you were me, would you want to put up with this when, given the way you can trust yourself with the remembering of your own high security passwords, you have these great informative, and reassuring, websites like <a target=\"_blank\" title='Fail2Ban install tutorial for Linux (AlmaLinux)' href='https:\/\/www.liquidweb.com\/blog\/fail2ban-install-tutorial-for-linux-almalinux\/' rel=\"noopener\">Fail2Ban install tutorial for Linux (AlmaLinux)<\/a> that give you great step by step ways to &#8230;<\/p>\n<ul>\n<li>on AlmaLinux style web server &#8230;<\/li>\n<li>as required, install <font size=1>(oh, that&#8217;s what that is &#8230; from CentOS roamings)<\/font> <a 
target=\"_blank\" title='Fail2ban information from Wikipedia ... thanks' href='https:\/\/en.wikipedia.org\/wiki\/Fail2ban' rel=\"noopener\">&#8220;fail2ban&#8221;<\/a> and <a target=\"_blank\" title='Firewall info from Wikipedia from perspective of firewalld tool ... thanks' href='https:\/\/en.wikipedia.org\/wiki\/Firewalld' rel=\"noopener\">&#8220;firewalld&#8221;<\/a> (we touched on the &#8220;feel for&#8221; with previous CentOS based <a title='WHM cPanel cPHulk Firewall Primer Tutorial' href='#whmpphfpt'>WHM cPanel cPHulk Firewall Primer Tutorial<\/a>) &#8230; and then, the all important (and we recommend if all this is new, to take the advice of others) &#8230;<\/li>\n<li>configure fail2ban and fail2ban-client and arrangements regarding ssh login access<\/li>\n<\/ul>\n<p> &#8230; is <a target=\"_blank\" href=\"http:\/\/www.rjmprogramming.com.au\/Apache\/almalinux_ssh_brute_force_login_attempt_attack_fail2ban_and_firewall_protection.m4v\" rel=\"noopener\">there to help you out<\/a>?  And, yes, <a target=\"_blank\" title='?' href='https:\/\/en.wikipedia.org\/wiki\/Rhetoric_(Aristotle)' rel=\"noopener\">Aristotle<\/a>, <a target=\"_blank\" title='?' 
href='https:\/\/www.youtube.com\/watch?v=uhiCFdWeQfA' rel=\"noopener\">that last question was rhetorical<\/a>.<\/p>\n<p><video style=\"width:100%;\" controls><source type='video\/mp4' src='http:\/\/www.rjmprogramming.com.au\/Apache\/almalinux_ssh_brute_force_login_attempt_attack_fail2ban_and_firewall_protection.m4v'><\/source><\/video><\/p>\n<p><!--p>You can also see this play out at WordPress 4.1.1's <a target=\"_blank\" href='\/\/www.rjmprogramming.com.au\/ITblog\/almalinux-ssh-access-fail2ban-and-firewall-protection-tutorial\/' rel=\"noopener\">AlmaLinux SSH Access Fail2ban and Firewall Protection Tutorial<\/a>.<\/p-->\n<hr>\n<p id='whmpphfpt'>Previous relevant <a target=\"_blank\" title='WHM cPanel cPHulk Firewall Primer Tutorial' href='\/\/www.rjmprogramming.com.au\/ITblog\/whm-cpanel-cphulk-firewall-primer-tutorial\/' rel=\"noopener\">WHM cPanel cPHulk Firewall Primer Tutorial<\/a> is shown below.<\/p>\n<div style=\"width: 230px\" class=\"wp-caption alignnone\"><a target=\"_blank\" href=\"http:\/\/www.rjmprogramming.com.au\/cpanel_cphulk.gif\" rel=\"noopener\"><img decoding=\"async\" style=\"border: 15px solid pink;\" alt=\"WHM cPanel cPHulk Firewall Primer Tutorial\" src=\"http:\/\/www.rjmprogramming.com.au\/cpanel_cphulk.gif\" title=\"WHM cPanel cPHulk Firewall Primer Tutorial\"  style=\"float:left;\" \/><\/a><p class=\"wp-caption-text\">WHM cPanel cPHulk Firewall Primer Tutorial<\/p><\/div>\n<p>For our CentOS Linux Apache\/MySql\/PHP web server for RJM Programming, we needed to reboot the Apache and MySql services, via the use of an unusual <font size=1>(at least for us, because we couldn&#8217;t get graphical WHM cPanel access working)<\/font> combination of &#8230;<\/p>\n<ul>\n<li><a target=\"_blank\" title='Power Management on Windows' href='https:\/\/www.rjmprogramming.com.au\/ITblog\/vmware-vsphere-web-client-primer-tutorial\/#pmwin' rel=\"noopener\">Power Management<\/a> &#8230; Stop and Start the VMWare Virtual Host &#8230; followed by 
&#8230;<\/li>\n<li>ssh command line access, by which to restart the Apache and MySql services <font size=1>(and we like <a target=\"_blank\" rel=\"noopener\">this link<\/a> as a services list checklist, thanks)<\/font> via &#8230;<br \/>\n<code><br \/>\nservice httpd restart<br \/>\nservice mysql restart<br \/>\n<\/code>\n<\/li>\n<\/ul>\n<p> &#8230; and even a &#8230;<\/p>\n<p><code><br \/>\nservice cpanel restart<br \/>\n<\/code><\/p>\n<p> &#8230; would not let our graphical WHM cPanel access happen; instead, when trying to access it the usual Safari web browser address bar way, we got the error message &#8230;<\/p>\n<blockquote><p>\nThe connection timed out.  Please try again.\n<\/p><\/blockquote>\n<p>Weird!  Anyway, researching this <font size=1 id=iffone>(but please note all along, we suspect we may have been able to solve the issue by closing the Safari web browser and reopening and retrying it)<\/font> we got onto the topic of &#8230;<\/p>\n<p><code><br \/>\nWeb Server Firewalls<br \/>\n<\/code><\/p>\n<p> &#8230; associated with <font size=1>(what might be a &#8220;service&#8221; for you)<\/font> cPanel&#8217;s <a target=\"_blank\" title='cPanel cPHulk firewall' href='https:\/\/docs.cpanel.net\/knowledge-base\/security\/cphulk-management-on-the-command-line\/' rel=\"noopener\">cPHulk<\/a> software.<\/p>\n<p>We looked into <i>cPHulk<\/i>, and decided to Stop and Start <i>cPHulk<\/i>, finding <a target=\"_blank\" title='cPHulk management' href='https:\/\/www.solvps.com\/blog\/?p=274' rel=\"noopener\">great &#8220;Stop&#8221; advice here<\/a>, getting us to go, while still in the ssh session &#8230;<\/p>\n<p><code><br \/>\n\/usr\/local\/cpanel\/etc\/init\/stopcphulkd<br \/>\nrm -f \/var\/cpanel\/hulkd\/enabled<br \/>\n<\/code><\/p>\n<p> &#8230; then changed devices to see whether we could get a graphical cPanel session going, and, <font size=1><a href='#iffone'>lo and behold<\/a><\/font>, and relieved, yes, we could!<\/p>\n<p>But then there was the 
&#8220;Start&#8221; bit to the <i>cPHulk<\/i> work here.  Up the top left of graphical cPanel we typed in &#8220;cPHulk&#8221; and got to the webpage &#8230;<\/p>\n<p><code><br \/>\ncPHulk Brute Force Protection<br \/>\n<\/code><\/p>\n<p> &#8230; where we were surprised <font size=1>(and saddened)<\/font> to see an error message &#8230;<\/p>\n<blockquote><p>\nThe cphulkd login table seems corrupted.  Please contact your system administrator.\n<\/p><\/blockquote>\n<p>Researching this <a target=\"_blank\" title='Great advice' href='https:\/\/forums.cpanel.net\/threads\/cphulkd-login-table-seems-corrupted.237882\/' rel=\"noopener\">got us to try, thanks<\/a> &#8230;<\/p>\n<p><code><br \/>\nMain &gt;&gt; SQL Services &gt;&gt; Repair a MySQL Database<br \/>\n<\/code><\/p>\n<p> &#8230; successfully back at our graphical cPanel session.  Then we clicked the &#8220;cPHulk is Currently Disabled &#8230; Enable&#8221; button to successfully get the Firewall functional again.  <a target=\"_blank\" href=\"http:\/\/www.rjmprogramming.com.au\/cpanel_cphulk.gif\" title=\"Tutorial picture\" rel=\"noopener\">Phew!<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>For us, we just want to get on with the programming. But what if something is welling up, that might stop you &#8220;getting on&#8221;? We saw this on our &#8220;soon to be&#8221; dedicated virtual AlmaLinux Apache\/PHP\/MySql web server, for RJM &hellip; <a href=\"https:\/\/www.rjmprogramming.com.au\/ITblog\/almalinux-ssh-access-fail2ban-and-firewall-protection-tutorial\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,19,29,33,37],"tags":[53,4855,4858,234,249,311,4843,355,4859,1641,4860,611,707,1565,1564,1772,4861,1114,1190,1319,1376,1411],"class_list":["post-64344","post","type-post","status-publish","format-standard","hentry","category-elearning","category-installers","category-operating-system","category-software","category-tutorials","tag-access","tag-almalinux","tag-brute-force-attack","tag-command-line","tag-configuration","tag-dedicated-hosting","tag-dnf","tag-domain","tag-fail2ban","tag-firewall","tag-firewalld","tag-install","tag-linux","tag-login","tag-password","tag-port","tag-protection","tag-security","tag-ssh","tag-tutorial","tag-virtual-host","tag-web-server"],"_links":{"self":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts\/64344"}],"collection":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/comme
nts?post=64344"}],"version-history":[{"count":5,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts\/64344\/revisions"}],"predecessor-version":[{"id":64349,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts\/64344\/revisions\/64349"}],"wp:attachment":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/media?parent=64344"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/categories?post=64344"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/tags?post=64344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}