You need to automate firewall rules in Linux to secure your systems in public AWS clouds. Using the AWS firewall we can easily block services, but it is not so easy to block SSH. Using firewalld on AlmaLinux 8.5, a Red Hat rebuild, we can block IP addresses that show suspect behavior toward the system by adding firewall rules that block or reject access from hosts that try incorrect user names. We should never allow root access to the system.
for i in $(sudo grep -i "Failed password for invalid user" /var/log/secure | cut -d' ' -f13 | sort -u | grep '^[1-9]') ; do sudo firewall-cmd --zone=block --add-source="$i"; done
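A more defensive version of the loop above, as an added example that is not from the original post: it finds the address relative to the trailing `port` token instead of a fixed column (a single-digit day such as `Jan  5` shifts `cut -f13` by one field), skips an allowlist, and prints the firewall-cmd calls rather than running them. The log lines, addresses and function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample lines in /var/log/secure format (documentation addresses).
sample_log() {
cat <<'EOF'
Jan 15 10:01:02 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jan  5 10:01:09 host1 sshd[1207]: Failed password for invalid user test from 198.51.100.23 port 40022 ssh2
Jan 15 10:02:11 host1 sshd[1211]: Failed password for invalid user from from 203.0.113.7 port 51190 ssh2
Jan 15 10:03:00 host1 sshd[1215]: Failed password for root from 192.0.2.10 port 50000 ssh2
Jan 15 10:04:00 host1 sshd[1219]: Accepted publickey for alma from 192.0.2.44 port 50010 ssh2
Jan 15 10:05:00 host1 sshd[1223]: Failed password for invalid user oracle from 192.0.2.44 port 50020 ssh2
EOF
}

# Read log lines on stdin and print the unique IPv4 sources of failed
# invalid-user logins, skipping any address passed as an argument (allowlist).
# The user name field is chosen by the remote client, so the address is taken
# from the token before the last "port" rather than from a fixed column.
offenders() {
  local allow=" $* "
  awk '/Failed password for invalid user/ {
         for (i = NF; i > 1; i--) if ($i == "port") { print $(i-1); break }
       }' |
  grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | LC_ALL=C sort -u |
  while read -r ip; do
    case "$allow" in *" $ip "*) continue ;; esac
    printf '%s\n' "$ip"
  done
}

# Dry run: print the firewall-cmd call for each address instead of executing it.
block_commands() {
  while read -r ip; do
    printf 'firewall-cmd --zone=block --add-source=%s\n' "$ip"
  done
}

# 192.0.2.44 stands in for an administrator address that must never be blocked.
sample_log | offenders 192.0.2.44 | block_commands
```

Rules added with `--add-source` alone are runtime-only; firewall-cmd needs `--permanent` and a reload for them to survive a restart of firewalld.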
Additionally you can find my video courses on Pluralsight: http://pluralsight.com/training/Authors/Details/andrew-mallett and take time to see my own site http://www.theurbanpenguin.com