Protect SSH/FTP using Fail2ban on CentOS/RHEL
Step 1: Install EPEL RPM Repository
Fail2ban is packaged in the EPEL repository, so make sure EPEL is enabled on your system first; if it is not, install the EPEL repository before continuing.
Step 2: Install Fail2ban Package
With the repository in place, install the Fail2ban package with the yum package manager:
# yum install fail2ban
Step 3: Setup Fail2ban Default Configuration
Fail2ban ships its default jail configuration in /etc/fail2ban/jail.conf. Do not edit that file directly, because a package upgrade will overwrite it. Instead, create /etc/fail2ban/jail.local, whose settings override the matching ones in jail.conf, by copying the default file:
# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Now open jail.local in your favourite editor and adjust the [DEFAULT] section. These values are inherited by every jail unless a jail overrides them.
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban never bans these
# addresses, so add the address you administer the system from to avoid locking yourself out.
ignoreip = 127.0.0.1/8 192.168.1.0/24 11.22.33.44
# "bantime" is the number of seconds a host stays banned (3600 sec = 1 hour).
bantime = 3600
# A host is banned if it generates "maxretry" failures within the last "findtime" seconds.
# With the setting below the window is 2 minutes.
findtime = 120
# "maxretry" is the number of failures before a host gets banned.
maxretry = 3
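To see what these four values do in practice, here is a small Python simulation added to this page as an illustration; it is not Fail2ban's own code. It reimplements the ignoreip, findtime, maxretry and bantime logic over a handful of constructed /var/log/secure lines (the hostnames, addresses, PIDs and timestamps are made up, and the log year is assumed to be 2024 because syslog timestamps carry none), using a simplified version of the sshd filter's "Failed password" match. Bans expire only when the next failure line is processed, which is good enough for an offline walk-through.

```python
"""Simulate Fail2ban's ban decision for the [DEFAULT] settings above.

Added illustration only, not Fail2ban code: it reimplements the
findtime/maxretry/bantime/ignoreip semantics over constructed log lines.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Settings from the jail.local [DEFAULT] section.
IGNOREIP = ["127.0.0.1/8", "192.168.1.0/24", "11.22.33.44"]
BANTIME = 3600   # seconds a host stays banned
FINDTIME = 120   # window (seconds) in which failures are counted
MAXRETRY = 3     # failures within FINDTIME that trigger a ban

# Simplified sshd filter: password failures as logged in /var/log/secure.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# Constructed sample log (not real traffic). 203.0.113.5 fails three times
# inside two minutes; 192.168.1.77 is in ignoreip; 198.51.100.9 fails three
# times but four minutes apart; 203.0.113.5 returns after its ban expires.
SAMPLE_LOG = """\
Mar 10 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar 10 10:00:20 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Mar 10 10:00:45 host sshd[1003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar 10 10:01:00 host sshd[1004]: Failed password for root from 192.168.1.77 port 40004 ssh2
Mar 10 10:01:05 host sshd[1005]: Failed password for root from 192.168.1.77 port 40005 ssh2
Mar 10 10:01:10 host sshd[1006]: Failed password for root from 192.168.1.77 port 40006 ssh2
Mar 10 10:05:00 host sshd[1007]: Failed password for root from 198.51.100.9 port 40007 ssh2
Mar 10 10:09:00 host sshd[1008]: Failed password for root from 198.51.100.9 port 40008 ssh2
Mar 10 10:13:00 host sshd[1009]: Failed password for root from 198.51.100.9 port 40009 ssh2
Mar 10 11:00:02 host sshd[1010]: Accepted password for deploy from 203.0.113.5 port 40010 ssh2
Mar 10 11:01:00 host sshd[1011]: Failed password for root from 203.0.113.5 port 40011 ssh2
"""


def is_ignored(ip, ignoreip=IGNOREIP):
    """True if ip falls inside any ignoreip entry (single host or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in ignoreip)


def parse_ts(ts, year=2024):
    """Syslog timestamps have no year; 2024 is assumed for the sample."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def simulate(log_text, findtime=FINDTIME, maxretry=MAXRETRY, bantime=BANTIME):
    """Return (action, ip, time) events, action being 'ban' or 'unban'."""
    failures = defaultdict(list)   # ip -> timestamps of failures in window
    banned = {}                    # ip -> time the ban expires
    events = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                # not a failure: the filter ignores it
        ip, now = m.group("ip"), parse_ts(m.group("ts"))
        # Lift bans whose bantime has elapsed.
        for b_ip, expires in list(banned.items()):
            if now >= expires:
                events.append(("unban", b_ip, now))
                del banned[b_ip]
        if is_ignored(ip) or ip in banned:
            continue
        # Keep only failures that fall inside the findtime window.
        window = [t for t in failures[ip] if (now - t).total_seconds() <= findtime]
        window.append(now)
        failures[ip] = window
        if len(window) >= maxretry:
            banned[ip] = now + timedelta(seconds=bantime)
            events.append(("ban", ip, now))
            failures[ip] = []       # counting restarts after the ban
    return events


if __name__ == "__main__":
    for action, ip, when in simulate(SAMPLE_LOG):
        print(f"{when:%H:%M:%S} {action:5} {ip}")
```

With the page's values, 203.0.113.5 is banned on its third failure at 10:00:45 and released an hour later, 192.168.1.77 is never touched because it matches 192.168.1.0/24 in ignoreip, and 198.51.100.9 is never banned because its three failures are four minutes apart, so no two of them ever share a 120-second window. Widening findtime to 600 seconds (the function's keyword argument) catches that slow attacker as well, which is the trade-off behind the findtime value you choose.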
Step 4: Protect SSH/SFTP
After completing the default configuration, scroll further down in jail.local to the [ssh-iptables] section and update it as below. The same jail protects SFTP, because SFTP runs inside the SSH daemon and its login failures are written to /var/log/secure as well. If sshd listens on a port other than 22, change the port in the action line accordingly; on Fail2ban 0.9 and newer the section is named [sshd] instead, but the settings are the same.
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=22, protocol=tcp]
         sendmail-whois[name=SSH, dest=root, sender=admin@hackthesec.co.in, sendername="Fail2Ban"]
logpath = /var/log/secure
maxretry = 3
Step 5: Protect FTP (vsFTPd) Server
Let's protect the FTP (vsFTPd) server as well: find the [vsftpd-iptables] section and change it as below. If you are not running vsFTPd, skip this step. The maxretry and bantime set here override the [DEFAULT] values for this jail only. Make sure logpath matches the file your vsftpd actually writes login failures to, otherwise the jail will never match anything.
[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=21, protocol=tcp]
         sendmail-whois[name=VSFTPD, dest=admin@hackthesec.co.in]
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800
Step 6: Restart Fail2ban Service
After making all the changes, save the file, restart the Fail2ban service and enable it at boot. On CentOS/RHEL 6 (SysV init) use the following commands; on CentOS/RHEL 7 and later use the systemctl restart and enable equivalents instead.
# service fail2ban restart
# chkconfig fail2ban on
Once the service is running, check that the jails loaded and watch current bans with fail2ban-client status (optionally followed by a jail name), and keep an eye on /var/log/fail2ban.log for configuration errors.