People who use VPS or dedicated hosting for their websites and apps often run into server security issues.
It becomes more difficult when someone without a technical or system administration background has to manage the server for their website, app, or company.
So here we make one of these tasks simpler: blocking SSH login attacks with fail2ban on your CentOS 7 server.
This is a step-by-step guide on how to install fail2ban on CentOS 7 to secure SSH access to your VPS or dedicated host.
Before we start
To install fail2ban on a CentOS server we need the EPEL (Extra Packages for Enterprise Linux) repository, so we install EPEL first. EPEL contains extra packages for CentOS.
To install EPEL, run the following command:
yum install epel-release -y
After installing the EPEL repository, we can install fail2ban directly with yum.
Step 1. Install Fail2ban via yum
yum install fail2ban
Step 2. Edit the Fail2ban configuration file
Make a copy of the jail.conf file and save it with the name jail.local
cp -pf /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Open the jail.local file for editing in vim/vi (or use an editor of your choice, like nano).
Here are the default values from the jail.conf file; you can customise the settings according to your preferences.
[DEFAULT]

#
# MISCELLANEOUS OPTIONS
#

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =

# "bantime" is the number of seconds that a host is banned.
bantime = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 5
Add a jail file to protect the SSH and FTP (vsftpd) servers
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 5
bantime = 86400
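The sketch below is an added example, not part of the original guide and not fail2ban's own code: it models how maxretry, findtime, bantime and ignoreip from the configuration above decide a ban, run over constructed sshd log lines. The log pattern, host name, year and documentation-range IP addresses are assumptions.

```python
# Added illustration: a simplified model of the jail decision, not fail2ban's code.
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# [sshd] jail values from above; findtime and ignoreip are inherited from [DEFAULT].
MAXRETRY, FINDTIME, BANTIME = 5, 600, 86400
IGNOREIP = [ipaddress.ip_network("127.0.0.1/8", strict=False)]

# Assumption: one simplified pattern; fail2ban's real sshd filter matches more forms.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def find_bans(lines, year=2024):
    """Return {ip: (banned_at, unbanned_at)}; syslog has no year, so one is assumed."""
    recent = defaultdict(deque)          # ip -> failure times still inside the window
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                     # not a failed-login line
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in IGNOREIP):
            continue                     # ignoreip: never counted, never banned
        if ip in bans and ts < bans[ip][1]:
            continue                     # still inside an active ban
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()             # forget failures older than findtime
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + timedelta(seconds=BANTIME))
            window.clear()
    return bans

def sample_log():
    """Constructed sshd log lines using documentation-range IPs, not real traffic."""
    fail = "Mar  4 10:{:02d}:{:02d} web1 sshd[2211]: Failed password for {} from {} port 50122 ssh2"
    ok = "Mar  4 10:02:00 web1 sshd[2300]: Accepted password for deploy from 192.0.2.10 port 50200 ssh2"
    fast = [fail.format(0, s, "root", "203.0.113.7") for s in range(0, 50, 10)]   # 5 failures in 40 s
    slow = [fail.format(m, 0, "invalid user admin", "198.51.100.9") for m in range(0, 60, 12)]  # 12 min apart
    local = [fail.format(1, s, "root", "127.0.0.1") for s in range(5)]            # covered by ignoreip
    return fast + slow + local + [ok]

if __name__ == "__main__":
    for ip, (start, end) in find_bans(sample_log()).items():
        print(f"{ip}: banned {start} until {end}")
```

Only 203.0.113.7 is banned: the failures from 198.51.100.9 are 12 minutes apart, so they never share one 600-second findtime window, and 127.0.0.1 matches ignoreip. Raise findtime in jail.local if slower attempts should be counted together.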
Start fail2ban service
If you are not running a firewall yet, enable and start firewalld as well:
systemctl enable firewalld
systemctl start firewalld
systemctl enable fail2ban
systemctl start fail2ban