When it comes to hosting security, the relevant question is not if someone will attempt to attack your server, but when. If you are prepared for it, you may save your websites from harm. If not, it could lead to disaster. One effective tool for preventing intrusion is Fail2ban. It is an open-source intrusion prevention framework that monitors log files and bans IP addresses that fail to log in too many times. This can be very effective in stopping brute-force attacks.
To install Fail2ban on Red Hat Enterprise Linux or CentOS, you will need to add a third-party repository, such as RPMForge or EPEL, as the software is not included in the default distribution repository. Once you have added the repository, you can simply run yum to install Fail2ban:
# yum install fail2ban
After installation there are some basic configuration settings you should review. You can find the configuration file at /etc/fail2ban/jail.conf. Some useful configuration options include:
- ignoreip: You can whitelist IP addresses that should never be blocked. At the very least, include your own IP address.
- bantime: This is the amount of time that a suspicious IP address remains banned (in seconds). The default is 600.
- maxretry: The maximum number of login attempts before an IP gets banned.
- findtime: Once a host starts trying to log in, findtime is the length of time (in seconds) during which the maxretry count applies. If maxretry is “3” and findtime is “600”, a user who fails 3 login attempts within a 10-minute window will be banned.
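To see how ignoreip, maxretry, findtime and bantime interact, the following added example (not Fail2ban's own code) runs a simplified model of the ban decision over a constructed log. The log format, the sample addresses and the `simulate` function are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a simplified sshd-like format (not from a real server).
SAMPLE_LOG = """\
2024-05-01 10:00:00 sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
2024-05-01 10:00:05 sshd[102]: Failed password for admin from 198.51.100.9 port 4002 ssh2
2024-05-01 10:01:00 sshd[103]: Failed password for root from 192.0.2.10 port 4003 ssh2
2024-05-01 10:01:10 sshd[104]: Failed password for root from 192.0.2.10 port 4004 ssh2
2024-05-01 10:01:20 sshd[105]: Failed password for root from 192.0.2.10 port 4005 ssh2
2024-05-01 10:02:00 sshd[106]: Failed password for root from 203.0.113.7 port 4006 ssh2
2024-05-01 10:04:00 sshd[107]: Failed password for root from 203.0.113.7 port 4007 ssh2
2024-05-01 10:06:00 sshd[108]: Failed password for admin from 198.51.100.9 port 4008 ssh2
2024-05-01 10:11:00 sshd[109]: Failed password for admin from 198.51.100.9 port 4009 ssh2
2024-05-01 10:12:00 sshd[110]: Accepted password for alice from 192.0.2.10 port 4010 ssh2
"""
FAILED = re.compile(r"^(\S+ \S+) sshd\[\d+\]: Failed password for \S+ from (\S+) port")

def simulate(log, ignoreip=(), maxretry=3, findtime=600, bantime=600):
    """Simplified model (hypothetical helper): return [(ip, banned_at, unbanned_at)]."""
    allowed = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    failures = defaultdict(deque)  # ip -> timestamps of failures inside findtime
    banned_until, bans = {}, []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are not counted
        ts, ip = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)
        if any(ipaddress.ip_address(ip) in net for net in allowed):
            continue  # ignoreip: whitelisted addresses are never banned
        if ip in banned_until and ts < banned_until[ip]:
            continue  # already banned; the firewall would be dropping this host
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, f"{ts:%H:%M:%S}", f"{banned_until[ip]:%H:%M:%S}"))
            window.clear()
    return bans

if __name__ == "__main__":
    for ban in simulate(SAMPLE_LOG, ignoreip=("192.0.2.10",)):
        print("ban %s at %s, unban at %s" % ban)
```

With the values used above, 198.51.100.9 is never banned because its three failures are spread over more than findtime, while the whitelisted 192.0.2.10 is skipped despite three rapid failures.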
Fail2ban will not magically solve all of your security issues, but it can certainly help prevent unauthorized logins on your server. For complete documentation, see the fail2ban website.