Secure your server with fail2ban

Fail2ban on CentOS 6.5 (Protect SSH/FTP using fail2ban)

Fail2ban is a security application for Unix-based servers. The fail2ban service is commonly used to protect SSH and FTP from unauthorized connections. By default, a client connects to SSH on port 22. Because this is a well-known port, the default configuration is exposed to many brute-force attacks. Fail2ban protects a server from these attacks automatically: the program runs in the background, scans the log files to detect which IPs are attacking, and bans them from accessing SSH.
Installing Fail2Ban in RHEL, CentOS and Fedora
Enable the EPEL repository:
yum install epel-release
Install fail2ban:
yum install fail2ban
Configuring the Fail2Ban settings
Back up the configuration file:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.org
Open the Fail2Ban configuration file.
vi /etc/fail2ban/jail.conf
You can see the default section below.
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
# Add your own IP after 127.0.0.1, separated by a space.
ignoreip = 127.0.0.1
# "bantime" is the number of seconds that a host is banned.
bantime = 600
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600
# "maxretry" is the number of failures before a host gets banned.
maxretry = 3
Explanation
ignoreip: Don’t ban hosts which match an address in this list. Several addresses can be defined using space separator. Write your personal IP on this line.
bantime: The number of seconds that a host is banned.
findtime: A host is banned if it has generated maxretry failures during the last findtime seconds.
maxretry: The number of failures before a host gets banned.
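To make the interaction of these settings concrete, here is an added Python sketch (not part of the original article and not fail2ban's own code) that applies maxretry, findtime and ignoreip to constructed /var/log/secure lines. The regex is a simplified stand-in for the sshd filter, and find_bans, SAMPLE_LOG and the year parameter are names assumed for this illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for fail2ban's sshd filter: matches only "Failed password" lines.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_bans(lines, maxretry=3, findtime=600, ignoreip=("127.0.0.1",), year=2014):
    """Return {ip: time of the failure that triggers a ban}; syslog has no year, so one is assumed."""
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # not an IP literal; this sketch does no DNS lookups
        ip = m.group(2)
        if ip in bans or any(addr in net for net in ignored):
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # failure is older than findtime, stop counting it
        if len(window) >= maxretry:
            bans[ip] = when
    return bans

# Constructed sample in the /var/log/secure format (documentation-range addresses).
SAMPLE_LOG = """\
Jun  3 10:00:00 web1 sshd[2100]: Failed password for admin from 198.51.100.20 port 51000 ssh2
Jun  3 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun  3 10:00:02 web1 sshd[2102]: Failed password for bob from 192.0.2.10 port 40200 ssh2
Jun  3 10:00:03 web1 sshd[2103]: Failed password for bob from 192.0.2.10 port 40201 ssh2
Jun  3 10:00:04 web1 sshd[2104]: Failed password for bob from 192.0.2.10 port 40202 ssh2
Jun  3 10:00:05 web1 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
Jun  3 10:00:09 web1 sshd[2106]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jun  3 10:05:00 web1 sshd[2107]: Failed password for admin from 198.51.100.20 port 51001 ssh2
Jun  3 10:20:00 web1 sshd[2108]: Failed password for admin from 198.51.100.20 port 51002 ssh2
""".splitlines()

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG, ignoreip=("127.0.0.1", "192.0.2.10")))
```

In the sample, 198.51.100.20 fails three times but is never banned because its attempts are spread over more than findtime seconds, and 192.0.2.10 is only spared when it is listed in ignoreip.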
Protect SSH/SFTP using fail2ban
After the basic settings in the configuration file, you will find the SSH section, [ssh-iptables]. Change it as follows:
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
logpath = /var/log/secure
maxretry = 3
Starting up Fail2Ban service
service fail2ban start
chkconfig fail2ban on
Protect your FTP server by using fail2ban
[proftpd-iptables]
# "enabled" must be true for the jail to be active.
enabled = true
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
         sendmail-whois[name=ProFTPD, dest=you@example.com]
logpath = /var/log/proftpd/proftpd.log
maxretry = 3
Starting up Fail2Ban service
service fail2ban start
chkconfig fail2ban on
Finally, check iptables to see if it has the rules added by Fail2Ban.
iptables -L
 
