How to Secure CentOS 6 VPS With Fail2Ban
Introduction
Security is one of the most important concerns in the IT industry, and leaked databases and hacked accounts are becoming daily consequences of neglecting proper security measures. By the end of this tutorial you will know one way to secure your CentOS VPS using the Fail2Ban software. Fail2Ban's job is to block IPs that repeatedly attempt to access your VPS and fail to do so.
Requirements
For this guide you are going to require the following:
- VPS with CentOS 6.
- SSH root access to the VPS.
Step 1 — Installing Fail2Ban on CentOS
To begin, connect to your VPS using PuTTY or any other SSH client. Since Fail2Ban isn't available in the default CentOS repositories, you first need to install the EPEL package by executing the command below:
rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Next, we will run the standard Yum install command along with the fail2ban package name:
yum install fail2ban
That is all; you should now have Fail2Ban installed on your VPS.
Step 2 — Creating local configuration file
Fail2Ban keeps its configuration in the /etc/fail2ban/jail.conf file, but no changes should be made to this particular file. System updates or patches could overwrite it, so create an additional local configuration file using the command below:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
You can now make any customizations you'd like in the jail.local file. Note that certain essential services are already specified in this file.
Step 3 — Configuring Fail2Ban
Next, open the configuration file in your favorite text editor. We will be using the Nano text editor in the example below:
nano /etc/fail2ban/jail.local
You will see this information at the top:
#
# WARNING: heavily refactored in 0.9.0 release. Please review and
# customize settings for your setup.
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in jail.local file,
# or separate .conf files under jail.d/ directory, e.g.:
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwritten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
# bantime = 3600
#
# [sshd]
# enabled = true
#
# See jail.conf(5) man page for more information
# Comments: use '#' for comment lines and ';' (following a space) for inline comments
It's recommended to change these settings:
- ignoreip – Specify your own ISP IP on this line; this way you avoid any blocks on your own IP address.
- bantime – The number of seconds that a client is blocked from the server if it violates any of the rules. The default is 10 minutes; you can raise it if you'd like.
- maxretry – The number of times a host can fail to log in before getting banned.
- findtime – The time window in which a client's failed login attempts are counted. The default is set to 10 minutes.
After saving your changes, restart Fail2Ban so that they take effect:
service fail2ban restart
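To see how ignoreip, maxretry, findtime and bantime interact, here is an added example (not part of the original tutorial and not Fail2Ban's own code): a simplified Python model of the ban decision, run over constructed sshd log lines. The function name simulate, the sample addresses and the values 3 / 600 / 3600 are assumptions chosen for illustration.

```python
# Simplified model of fail2ban's ban decision; illustration only, not fail2ban's code.
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd's /var/log/secure style (documentation IPs).
SAMPLE_LOG = """\
Mar  5 10:00:01 vps sshd[901]: Failed password for root from 203.0.113.7 port 4101 ssh2
Mar  5 10:00:09 vps sshd[902]: Failed password for root from 198.51.100.20 port 5000 ssh2
Mar  5 10:03:30 vps sshd[903]: Failed password for invalid user admin from 203.0.113.7 port 4102 ssh2
Mar  5 10:04:00 vps sshd[904]: Failed password for root from 192.0.2.10 port 6000 ssh2
Mar  5 10:04:05 vps sshd[905]: Failed password for root from 192.0.2.10 port 6001 ssh2
Mar  5 10:04:10 vps sshd[906]: Failed password for root from 192.0.2.10 port 6002 ssh2
Mar  5 10:09:59 vps sshd[907]: Failed password for root from 203.0.113.7 port 4103 ssh2
Mar  5 10:25:00 vps sshd[908]: Failed password for root from 198.51.100.20 port 5001 ssh2
Mar  5 10:26:00 vps sshd[909]: Failed password for root from 198.51.100.20 port 5002 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\S+) port")

def simulate(log, ignoreip, maxretry, findtime, bantime, year=2018):
    """Return [(ip, banned_at, unbanned_at)] for a log under the given settings."""
    ignored = [ipaddress.ip_network(n) for n in ignoreip]
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until, bans = {}, []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in ignored):
            continue                # ignoreip: never counted, never banned
        if ip in banned_until and ts < banned_until[ip]:
            continue                # still banned; a real firewall drops the traffic
        q = failures[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()             # findtime: forget failures older than the window
        if len(q) >= maxretry:      # maxretry reached inside findtime -> ban
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            q.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG, ["192.0.2.0/24"], 3, 600, 3600):
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

With these values only 203.0.113.7 is banned: 198.51.100.20 also fails three times, but never three times within one findtime window, and 192.0.2.10 is covered by ignoreip.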
Conclusion
Remember that security is not a single standalone product; it is a collection of tools and measures for staying safe. Always implement several layers of up-to-date technologies, so that if one of them is breached, the next one may still prevent the intruder from gaining access.
Updated on 05 Mar 2018