How to Secure CentOS 6 VPS With Fail2Ban
Security is one of the most important factors in IT industry and leaked databases or hacked accounts are turning into daily results of ignorance in the right security measures. Once you are done with this tutorial you will learn one of the ways you could secure your CentOS VPS using the Fail2Ban software. Fail2Ban’s job is to block IPs which attempt to access your VPS several times and fails to do so.
For this guide you are going to require the following:
– VPS with CentOS 6.
– SSH root access to the VPS.
Step 1 — Installing Fail2Ban on CentOS
To begin, you’ll have to connect to your VPS using Putty or any other SSH client.
Since Fail2ban isn’t available in the default CentOS repositories, you are going to need to install the EPEL package by executing the command below:
rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Next, we will run the standard Yum install command along with the fail2ban package name:
yum install fail2ban
This is all, you should now have Fail2Ban installed on your VPS.
Step 2 — Creating local configuration file
First of all, Fail2Ban collects all of its configuration in /etc/fail2ban/jail.conf file, though, no changes need to be made to this particular file. Certain system updates or patches could overwrite it as well, so simply make an additional local configuration file using the command below:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
You can now do any customizations you’d like to the jail.local file. Reminder that certain essential services are already specified in this file.
Step 3 — Configuring Fail2Ban
Next we will open the configuration file using our favorite text editor, we will be using Nano text editor in the example below:
You will see this information at the top:
# # WARNING: heavily refactored in 0.9.0 release. Please review and # customize settings for your setup. # # Changes: in most of the cases you should not modify this # file, but provide customizations in jail.local file, # or separate .conf files under jail.d/ directory, e.g.: # # HOW TO ACTIVATE JAILS: # # YOU SHOULD NOT MODIFY THIS FILE. # # It will probably be overwritten or improved in a distribution update. # # Provide customizations in a jail.local file or a jail.d/customisation.local. # For example to change the default bantime for all jails and to enable the # ssh-iptables jail the following (uncommented) would appear in the .local file. # See man 5 jail.conf for details. # # [DEFAULT] # bantime = 3600 # # [sshd] # enabled = true # # See jail.conf(5) man page for more information # Comments: use '#' for comment lines and ';' (following a space) for inline comments
It’s recommended to change those settings:
- ignoreip – Specify your own ISP IP in this line, in such way you will avoid any blocks on your own IP address.
- bantime – This value sets a number of seconds that a client is going to be blocked from the server in case he violates any of the rules. The default is 10 minutes, you can change it to higher if you’d like.
- maxretry – This is the number of times a host can fail to login before getting banned.
- findtime – Amount of time that a client has to log in. The default is set to 10 minutes.
After the edits are done, save the configuration file using CTRL+X (or CMD+X if you are using MAC) shortcut.
Reminder that every change you make you will have to restart the Fail2Ban service for the changes to take effect. Execute the command below:
service fail2ban restart
Reminder that security is not a standalone object, it is a bunch of toolkits and measures to stay safe. Always implement several layers of up-to-date technologies and if one of them gets breached, perhaps the next one will prevent the intruder from accessing.