How to install and configure fail2ban
How to install and configure fail2ban
I noticed an entry "How to install and configure fail2ban" in the documentation section (http://vestacp.com/docs/) but there was no documentation (yet) on this subject. Maybe some readers are not familiar with this at all, so I decided to share a simple installation instruction for fail2ban on CentOS to enable you to get some basic protection.
(I'm assuming you know how to use basic commands like insert and :wq to use vi, but google that first if you don't)
1. Connect to your server as root via SSH
2. Because fail2ban is not available by default, we'll need to download the EPEL repository:
3. Install fail2ban
4. The default fail2ban config file can be found at /etc/fail2ban/jail.conf. We're creating a copy, and fail2ban will use your configuration changes from that new file.
5. Now open your new fail2ban configuration file:
Attention: You'll want to enter your personal/office ip address at the ignoreip line, to prevent locking yourself out.
You might also want to change the ban time (how long to block an IP - in seconds), maxretry (number of incorrect login attempts before blocking the IP) and the findtime (if someone attempts and fails the maxretry number of times in the specified findtime they get blocked)
6. Edit the desired sections. For instance:
7. Restart fail2ban.
8. Now, you probably want to start this on reboot; so enter:
9. See your rules list:
Note: there's more to do in order to protect your server, but this is a nice place to start... Anyone feel free to add to this post.
(I'm assuming you know how to use basic commands like insert and :wq to use vi, but google that first if you don't)
1. Connect to your server as root via SSH
Code: Select all
ssh [email protected]Code: Select all
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpmCode: Select all
yum install fail2banCode: Select all
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.localCode: Select all
vi /etc/fail2ban/jail.localYou might also want to change the ban time (how long to block an IP - in seconds), maxretry (number of incorrect login attempts before blocking the IP) and the findtime (if someone attempts and fails the maxretry number of times in the specified findtime they get blocked)
6. Edit the desired sections. For instance:
Code: Select all
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
sendmail-whois[name=SSH, [email protected], [email protected]]
logpath = /var/log/secure
maxretry = 5Code: Select all
service fail2ban restartCode: Select all
chkconfig fail2ban onCode: Select all
iptables -L -nNote: there's more to do in order to protect your server, but this is a nice place to start... Anyone feel free to add to this post.
Re: How to install and configure fail2ban
This is a great howto, thanks. I'm going to publish on the documentation page.
Re: How to install and configure fail2ban
Cool! Will fail2ban be integrated into the VestaCP install?
Re: How to install and configure fail2ban
Not decided yet. It depends on the firewall project which is not started as for now.