This guide explains how to install Fail2ban, an intrusion prevention framework, on your CentOS 7 (and 6) VPS so you can protect your server from brute-force attacks. I previously posted some basic configs for a new CentOS server, including changing the default SSH port and disabling direct root login. Sometimes, however, that is not enough. Brute-force attacks may occur continuously, so you need to ban the source IP of an attack so that it cannot continue, or at least so that the attacker needs many IPs. Meet Fail2Ban, which was originally created for that purpose: protecting your server from SSH brute-force attacks.
Fail2ban works by scanning and monitoring log files for selected entries, then bans IPs that show malicious signs such as too many password failures, seeking for exploits, etc.
Out of the box, Fail2Ban comes with filters for various services (apache, courier, ssh, etc.).
How to Install

Step 1 – Log in to your server as a user with root privileges.

Step 2 – Fail2ban is not available by default in CentOS, so you can’t install it directly via yum. You first have to add the EPEL repo:

CentOS 6:

    rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

CentOS 7:

    rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-1.noarch.rpm

If those repo URLs are not working, you can find the latest one here.

Step 3 – Now install it using yum:

    yum install fail2ban -y

How to Configure Fail2Ban

Step 4 – Now that fail2ban is installed on your VPS, the next thing to do is set up some basic Fail2ban configuration. Here I’ll show you a very basic setup. First, copy the default configuration file:

    cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

This step is necessary so you can edit the configuration locally (your own settings) without messing with the default one. Many of the services that may need protection are already in the jail.local file.
Step 5 – Now edit the jail.local file you copied. Use your favorite text editor, such as Nano or vi.

    nano /etc/fail2ban/jail.local

Step 6 – Scroll down the page to see all the available configuration. A few lines act as the basic setup, which you can edit as necessary to suit your needs: ignoreip, bantime, findtime, and maxretry. You can read what each line means in the explanation available there.
In the “ignoreip” line you can define several IPs to whitelist so that fail2ban won’t lock them out. Here you can add your personal / home IP address in case you forget your own password to log in to your server. Separate each address with a space.
Step 7 – Now restart Fail2ban so the new configuration can take effect.

CentOS 7:

    systemctl restart fail2ban.service

CentOS 6:

    service fail2ban restart

That’s it. Enjoy..
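To see how the ignoreip, bantime, findtime and maxretry settings from Step 6 interact, here is an added example (not from the original post and not Fail2ban's own code): a simplified Python model of the ban decision, run over constructed sshd log lines. The function name find_bans, the sample addresses and the year used for parsing are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
Mar  3 10:00:01 vps sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:00:05 vps sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 10:00:09 vps sshd[2107]: Failed password for root from 198.51.100.20 port 51514 ssh2
Mar  3 10:00:12 vps sshd[2109]: Failed password for root from 203.0.113.7 port 40141 ssh2
Mar  3 10:02:30 vps sshd[2120]: Failed password for bob from 192.0.2.10 port 60001 ssh2
Mar  3 10:02:33 vps sshd[2122]: Failed password for bob from 192.0.2.10 port 60002 ssh2
Mar  3 10:02:36 vps sshd[2124]: Failed password for bob from 192.0.2.10 port 60003 ssh2
Mar  3 10:20:00 vps sshd[2190]: Failed password for root from 198.51.100.20 port 51600 ssh2
Mar  3 10:20:04 vps sshd[2192]: Failed password for root from 198.51.100.20 port 51601 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\S+) port \d+")


def find_bans(log_text, ignoreip, bantime, findtime, maxretry, year=2024):
    """Return [(ip, ban_start, ban_end)] implied by the four jail.local settings."""
    ignored = [ipaddress.ip_network(entry, strict=False) for entry in ignoreip.split()]
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside findtime
    banned_until, bans = {}, []
    for m in filter(None, map(FAILED.match, log_text.splitlines())):
        # syslog lines carry no year, so a constructed one is supplied for parsing
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in ignored):
            continue              # whitelisted by ignoreip: never counted, never banned
        if ts < banned_until.get(ip, datetime.min):
            continue              # already banned at this time
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > timedelta(seconds=findtime):
            hits.popleft()        # failures older than findtime no longer count
        if len(hits) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            hits.clear()
    return bans


if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG, "127.0.0.1/8 192.0.2.10", 600, 600, 3):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

With the values shown, only 203.0.113.7 is banned: 192.0.2.10 is whitelisted by ignoreip, and the three failures from 198.51.100.20 are spread over more than findtime seconds.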