Security is becoming a major factor in IT industry and leaked databases or hacked accounts are becoming daily results of ignorance in proper security measures. After finishing this tutorial you will learn one of the ways to secure your CentOS server using Fail2Ban software. What it basically does is blocks IPs which are trying to access your VPS multiple times and fails to do so.
What you’ll need
Before you begin this guide you’ll need the following:
- VPS with CentOS 6
- SSH root access to the VPS
Step 1 — Installing Fail2Ban on CentOS
First of all, you need to connect to your VPS using Putty or any other SSH client.
As Fail2Ban is not available in default CentOS repositories, you will have to install EPEL package by running this command:
rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Now just execute standard Yum install command along with the fail2ban package name:
yum install fail2ban
That’s it, you have installed Fail2Ban on your VPS.
Step 2 — Creating local configuration file
Initially, Fail2Ban stores all its configuration in
/etc/fail2ban/jail.conf file, however, no changes should be made to this specific file. Some system updates or patches could overwrite it as well, so just create additional local configuration file with this command:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now you can make any customization you want to the jail.local file. Note that some essential services are already specified in this file.
Step 3 — Configuring Fail2Ban
Open the configuration file with your preferred text editor, in this sample we will use Nano text editor:
You should see this information at the top:
# # WARNING: heavily refactored in 0.9.0 release. Please review and # customize settings for your setup. # # Changes: in most of the cases you should not modify this # file, but provide customizations in jail.local file, # or separate .conf files under jail.d/ directory, e.g.: # # HOW TO ACTIVATE JAILS: # # YOU SHOULD NOT MODIFY THIS FILE. # # It will probably be overwritten or improved in a distribution update. # # Provide customizations in a jail.local file or a jail.d/customisation.local. # For example to change the default bantime for all jails and to enable the # ssh-iptables jail the following (uncommented) would appear in the .local file. # See man 5 jail.conf for details. # # [DEFAULT] # bantime = 3600 # # [sshd] # enabled = true # # See jail.conf(5) man page for more information # Comments: use '#' for comment lines and ';' (following a space) for inline comments
You should at least change these settings:
ignoreip– Specify your own ISP IP in this line, in such way you will avoid any blocks on your own IP address.
bantime– This value sets a number of seconds that a client would be blocked from the server if he violates any of the rules. The default is 10 minutes, you can raise it to couple hours.
maxretry– This is the number of times a host can fail to login before getting banned.
findtime– Amount of time that a client has to log in. The default is set to 10 minutes.
Once the modifications are made, save the configuration file with CTRL+X (or COMMAND+X if you are on Mac) shortcut.
Note that after making any change you need to restart Fail2Ban service for the changes to take effect. Run this command:
service fail2ban restart
Do not forget that security is not a standalone object, it is a suite of toolkits and measures to stay safe. Always implement multiple layers of up-to-date technologies and if one gets breached maybe the next one will stop the intruder.