VPS Security Made Easy

Aidan | Security | 11 February

Here at dediserve, we understand the massive importance security plays in the day-to-day management of the data on your server. In a recent blog post we went through a short tutorial on setting up IPTables on your Virtual Server.

As a follow-up to that blog post, we will now look at an additional piece of open-source software that enhances the use of IPTables whilst reducing the amount of administration work needed on your server.

This is done by installing and setting up the open-source Fail2ban software on your Linux virtual machine. Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IPs that make too many password failures. It updates firewall rules dynamically to reject the IP address.

For this installation I will be using Ubuntu 8.04.

The command to install this in Ubuntu is:

apt-get install fail2ban

Now we need to modify its configuration files. They are under /etc/fail2ban.

In that directory, look at the file jail.conf. You will see the developer's warning about not modifying this file and instead putting your changes in the file /etc/fail2ban/jail.local.

So let's copy /etc/fail2ban/jail.conf to /etc/fail2ban/jail.local and open jail.local with a text editor:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

To configure fail2ban, go to:

cd /etc/fail2ban

vi jail.local

You will now see a list of configuration options such as:

[ssh]

enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 6

[ssh-ddos]

enabled = false
port    = ssh
filter  = sshd-ddos
logpath  = /var/log/auth.log
maxretry = 6

# HTTP servers
#

[apache]

enabled = false
port    = http,https
filter  = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 6

And so on for FTP, DNS, mail servers etc. For each particular service you can configure the number of times a user can try to log in before they're locked out and their IP is added to your deny list in IPTables.

Once you have made your changes to the configuration, simply restart fail2ban in order for the changes to take effect:

sudo /etc/init.d/fail2ban restart

From now on, offending IPs will simply be added to your iptables deny list automatically, ensuring the security of your machine and less security admin work for you.
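
To show what the maxretry = 6 setting in the [ssh] jail means in practice, here is a simplified Python sketch of the counting logic, added as an illustration and not taken from fail2ban's own code. findtime is a real fail2ban setting that the excerpt above does not show; the 600-second value, the simplified regular expression, the function names and the sample auth.log lines are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified pattern; fail2ban's own sshd filter matches more message variants.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def find_offenders(lines, maxretry=6, findtime=600, year=2009):
    """Return IPs that reach `maxretry` failures within `findtime` seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other daemons are ignored
        # syslog lines carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()      # forget failures older than the window
        if len(window) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

def sample_log():
    """Constructed auth.log lines using documentation-range addresses."""
    fmt = "Feb 11 {t} vps sshd[4021]: Failed password for {u} from {ip} port 51000 ssh2"
    # Six failures within one minute
    lines = [fmt.format(t=f"10:00:{s:02d}", u="root", ip="203.0.113.5")
             for s in range(0, 60, 10)]
    # Two mistyped passwords followed by a successful login
    lines += [fmt.format(t=f"10:05:{s:02d}", u="invalid user bob", ip="198.51.100.7")
              for s in (5, 20)]
    lines.append("Feb 11 10:05:40 vps sshd[4021]: Accepted password for bob "
                 "from 198.51.100.7 port 51000 ssh2")
    # Six failures spread 20 minutes apart
    lines += [fmt.format(t=f"{h}:{mi:02d}:00", u="admin", ip="192.0.2.44")
              for h, mi in ((11, 0), (11, 20), (11, 40), (12, 0), (12, 20), (12, 40))]
    return lines

if __name__ == "__main__":
    print(find_offenders(sample_log()))   # ['203.0.113.5']
```

The slow attempts from 192.0.2.44 stay under the threshold because each failure has aged out of the window before the next one arrives, which is why the window length matters as much as maxretry when tuning a jail.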
