7 Jun 2011

Stop ssh attacks with fail2ban in CentOS

Every server on the web is subject to frequent break-in attempts, and when services run on default ports such as 22 for ssh the attempts become even more frequent.

However, using a simple, freely available tool called fail2ban we can easily keep those intruders out of our machines without having to change our service ports.

In order to get fail2ban working on a CentOS machine you just have to install it straight from the repositories using:

$ yum install fail2ban


And then edit the configuration file to activate the ssh jail and adjust some key parameters.

# edit the configuration using your favourite editor (I like vi)
$ vi /etc/fail2ban/jail.conf

To activate ssh access monitoring, find the [ssh-iptables] section and make it active:

enabled  = true

and point the jail to the right log file:

logpath  = /var/log/secure

Then you might want to change the following additional parameters:

  • ignoreip - A comma separated list of IPs you consider safe and would like the script to ignore when counting access attempts (this sits at the top of the configuration file)
  • action - Change the sender and recipient emails to get notifications about fail2ban actions
  • maxretry - The maximum number of failed login attempts before an IP gets banned
Now just restart the service:

/etc/init.d/fail2ban restart

and test it. Just make sure you do not get locked out; in any case, the ban will be lifted after 10 minutes (the default value).
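The whole procedure above, as an added example that is not part of the original post: a jail.local fragment holding the settings the post tells you to change (fail2ban reads jail.conf and then applies jail.local on top of it, so edits kept there survive package upgrades), plus a small POSIX shell simulation of the maxretry / ignoreip decision run over constructed /var/log/secure lines. The fragment is written to a temporary directory rather than /etc/fail2ban so the script runs anywhere; the IP addresses and log lines are made up, ignoreip is written space separated (the form fail2ban accepts), and the findtime window that real fail2ban also applies is left out.

```shell
#!/bin/sh
# Added example, not from the original post: a jail.local fragment with the
# settings the post changes, and a simulation of the ban decision fail2ban
# makes from maxretry and ignoreip, run over constructed /var/log/secure lines.

# Write the override file. On a real box this would be /etc/fail2ban/jail.local;
# a temp dir is used here so the script can run anywhere. Values are illustrative.
write_jail_local() {   # write_jail_local <path>
    cat > "$1" <<'EOF'
[DEFAULT]
ignoreip = 127.0.0.1 192.0.2.10
bantime  = 600
findtime = 600
maxretry = 5

[ssh-iptables]
enabled  = true
logpath  = /var/log/secure
maxretry = 3
EOF
}

# Read one key from a section of the ini-style file, falling back to [DEFAULT]
# the way fail2ban does when a jail leaves a setting unspecified.
ini_get() {   # ini_get <file> <section> <key>
    awk -v sec="$2" -v key="$3" '
        /^\[/ { cur = substr($0, 2, length($0) - 2); next }
        $1 == key && $2 == "=" {
            val = $3; for (i = 4; i <= NF; i++) val = val " " $i
            if (cur == sec) { found = val } else if (cur == "DEFAULT") { dflt = val }
        }
        END { print (found != "" ? found : dflt) }' "$1"
}

# Constructed sample of sshd lines in the format found in /var/log/secure.
SAMPLE_LOG='Jun  7 10:01:02 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 4011 ssh2
Jun  7 10:01:05 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 4012 ssh2
Jun  7 10:01:09 host sshd[2102]: Failed password for root from 203.0.113.5 port 4013 ssh2
Jun  7 10:02:00 host sshd[2103]: Failed password for bob from 192.0.2.10 port 5001 ssh2
Jun  7 10:02:03 host sshd[2103]: Failed password for bob from 192.0.2.10 port 5002 ssh2
Jun  7 10:02:06 host sshd[2103]: Failed password for bob from 192.0.2.10 port 5003 ssh2
Jun  7 10:03:00 host sshd[2104]: Accepted password for alice from 198.51.100.7 port 6001 ssh2
Jun  7 10:03:30 host sshd[2105]: Failed password for alice from 198.51.100.7 port 6002 ssh2'

# Print the IPs fail2ban would ban for a jail: addresses with at least maxretry
# failed logins that are not listed in ignoreip. (Real fail2ban additionally
# requires the failures to fall inside findtime; that window is omitted here.)
ban_candidates() {   # ban_candidates <jail.local> <jail>
    maxretry=$(ini_get "$1" "$2" maxretry)
    ignoreip=$(ini_get "$1" "$2" ignoreip)
    printf '%s\n' "$SAMPLE_LOG" |
    awk -v max="$maxretry" -v ign="$ignoreip" '
        BEGIN { n = split(ign, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            if (!(ip in skip)) fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= max) print ip }' | sort
}

WORK=$(mktemp -d)
write_jail_local "$WORK/jail.local"
ban_candidates "$WORK/jail.local" ssh-iptables
# On the real server, check the live jail with:  fail2ban-client status ssh-iptables
```

Run as a plain sh script it prints 203.0.113.5, the only address with three or more failures that is not covered by ignoreip; 192.0.2.10 fails just as often but is whitelisted, and 198.51.100.7 stays below maxretry. On the server itself, `fail2ban-client status ssh-iptables` shows whether the jail is running and which addresses it currently has banned, which is the safest way to verify the setup before testing it against your own connection.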


[UPDATE] I forgot to mention that if you are using Ubuntu you can also install fail2ban from the repositories, and it works straight out of the box with no additional configuration required:
$ sudo apt-get install fail2ban
