How to Secure CentOS Virtual Machine With Fail2Ban

Security is becoming a central concern in the IT industry, and leaked databases or hacked accounts are an everyday consequence of neglecting proper security measures. After completing this tutorial you will know one way to secure your CentOS Linux VPS server using Fail2Ban. In essence, it blocks IP addresses that repeatedly try, and fail, to access your Linux VPS server.

Fail2ban is log-parsing software that monitors system logs for signs of an automated attack on your server or website. When an attempted compromise is found, Fail2ban uses the defined parameters to add a new rule to iptables that blocks the offending IP address, either for a set amount of time or permanently. Fail2ban can also alert you by email that an attack is in progress.

Before you start this process you will need the following:

  • VPS Server with CentOS

  • Full SSH root access to the VPS

 

1st Step: Installing Fail2Ban on CentOS Virtual Server

First, connect to your Linux VPS server using PuTTY or any other SSH client.

Fail2ban is not available in the default CentOS repositories, so you need to install the EPEL package with the following command:

rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

 

Now run the standard yum install command with the fail2ban package name:

yum install fail2ban

 

That’s all, you have installed Fail2ban successfully on your CentOS Linux VPS server.

2nd Step: Creating local configuration file

By default, Fail2Ban stores all its configuration in the /etc/fail2ban/jail.conf file; however, no changes should be made to this file. System updates or patches could overwrite it, so create an additional local configuration file with this command:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

You can now make any customizations you wish in the jail.local file. Keep in mind that a few crucial services are already specified in this file.

3rd Step: Configuring Fail2Ban

Now open the configuration file with the text editor of your choice. This guide uses the Nano text editor:

nano /etc/fail2ban/jail.local

 

After running the above command you should see this information at the top:

#
# WARNING: heavily refactored in 0.9.0 release.  Please review and
#          customize settings for your setup.
#
# Changes:  in most of the cases you should not modify this
#           file, but provide customizations in jail.local file,
#           or separate .conf files under jail.d/ directory, e.g.:
#
# HOW TO ACTIVATE JAILS:
#
# YOU SHOULD NOT MODIFY THIS FILE.
#
# It will probably be overwritten or improved in a distribution update.
#
# Provide customizations in a jail.local file or a jail.d/customisation.local.
# For example to change the default bantime for all jails and to enable the
# ssh-iptables jail the following (uncommented) would appear in the .local file.
# See man 5 jail.conf for details.
#
# [DEFAULT]
# bantime = 3600
#
# [sshd]
# enabled = true
#
# See jail.conf(5) man page for more information

# Comments: use '#' for comment lines and ';' (following a space) for inline comments

 

You should modify at least these settings:

  • ignoreip: Specify your own ISP IP address on this line; this way you will avoid being blocked from your own IP address.

  • bantime: This value sets the number of seconds that a client is blocked from the Linux VPS server if it violates any of the rules. The default is 10 minutes; you can raise it to a few hours.

  • maxretry: This is the number of times a host can fail to log in before being banned.

  • findtime: The time window in which the failed logins counted against maxretry must occur. The default is set to 10 minutes.
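
To see how these four settings interact, the following Python sketch (an added example, not code from Fail2ban or from the original tutorial) replays constructed sshd log lines through a simplified model of the ban decision. The setting values, the log lines and the simulate function are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed values standing in for the jail.local settings described above.
IGNOREIP = [ip_network("127.0.0.0/8"), ip_network("198.51.100.7/32")]
BANTIME = timedelta(seconds=3600)   # how long a ban lasts
FINDTIME = timedelta(seconds=600)   # window in which failures are counted
MAXRETRY = 3                        # failures within FINDTIME that trigger a ban

# Constructed sample in the style of /var/log/secure (documentation IP ranges).
SAMPLE_LOG = """\
Mar 10 09:00:01 vps sshd[2101]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar 10 09:00:05 vps sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40030 ssh2
Mar 10 09:00:09 vps sshd[2105]: Failed password for root from 203.0.113.5 port 40041 ssh2
Mar 10 09:01:00 vps sshd[2110]: Failed password for root from 192.0.2.44 port 51000 ssh2
Mar 10 09:02:00 vps sshd[2112]: Failed password for root from 198.51.100.7 port 52000 ssh2
Mar 10 09:02:05 vps sshd[2113]: Failed password for root from 198.51.100.7 port 52001 ssh2
Mar 10 09:02:10 vps sshd[2114]: Failed password for root from 198.51.100.7 port 52002 ssh2
Mar 10 09:08:00 vps sshd[2120]: Failed password for root from 192.0.2.44 port 51010 ssh2
Mar 10 09:12:00 vps sshd[2125]: Failed password for root from 192.0.2.44 port 51020 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate(log_text, year=2024):
    """Return [(ip, banned_at, unbanned_at)] for every ban the settings would cause."""
    failures, banned_until, bans = defaultdict(deque), {}, []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                      # not a failed SSH login
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = ip_address(m.group(2))
        if any(ip in net for net in IGNOREIP):
            continue                      # ignoreip: never counted, never banned
        if banned_until.get(ip, when) > when:
            continue                      # still inside an active ban
        window = failures[ip]
        window.append(when)
        while when - window[0] > FINDTIME:
            window.popleft()              # older than findtime: no longer counts
        if len(window) >= MAXRETRY:
            banned_until[ip] = when + BANTIME
            bans.append((str(ip), when, when + BANTIME))
            window.clear()
    return bans
```

Calling simulate(SAMPLE_LOG) yields a single ban for 203.0.113.5 lasting one hour; 192.0.2.44 is not banned because its three failures span more than findtime, and 198.51.100.7 is skipped because it is listed in ignoreip.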

 

Once all the changes are made, save the configuration file with the CTRL+X keyboard shortcut.

Keep in mind that after any modification you have to restart the Fail2Ban service for the changes to take effect. Run the following command:

service fail2ban restart

 

All done, now you have successfully secured your CentOS VPS Server with Fail2Ban.