fail2ban – Improving the security of your server.

(versión en español)

You know how important it is to have your dedicated server or virtual server with a good security policy that makes it difficult the entry of attacking it.

In addition to correctly configure your dedicated server services to add security, we have tools that add an extra layer that potential attackers must overcome if they want to access your system.

Today am going to focus on fail2ban. Fail2ban basically looks at the logs of web service (apache), ssl, imap, smtp, etc,  seeking access attempts that may be malicious, as repeated failures of passwords, searches for exploits on the server, etc …, and it adds the origin ip addresses of the accesses to the firewall (iptables) in order to block access.

In Ubuntu its installation is simple because it is the Ubuntu repositories. Just run the following command line:

$: aptitude install fail2ban

In Centos, fail2ban is not in the default repositories, therefore a repository that contains it (as EPEL) must be added in yum repositories, or download it from here (32 bit). If you add the repository, you should run:

$: yum install fail2ban

or if you download the appropriate rpm file, the command would be:

$: rpm -ivh fail2ban-0.8.4-29.el5.noarch.rpm

Once installed, you have to take a look at 2 main configuration files to make sure everything is in order.

One of them is / etc/fail2ban/fail2ban.conf, in which the configuration parameters of fail2ban are, such as:

  • loglevel -> it sets the log level to be stored in the log file of fail2ban.
  • logtarget -> it specifies the path to the log file of fail2ban.
  • socket -> it sets the file socket for fail2ban.

In / etc/fail2ban/jail.conf is where you specify the services of your server along with the ports and the log file path for the service you want to check. By default, many services are already configured and all you have to do is check if the path of the log is correct.

Once this is done it just remains starting (or restarting your) service:

$: service fail2ban restart

Although there are some more, this is just another layer of protection for your server powerful enough to put a little more difficult to illegal access to your server.

 

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *