PDA

View Full Version : Tutorial: enabling vsftpd bruteforce protection in Fail2ban on CentOS 7



Fli
07-17-2020, 09:01 AM
I am on CentOS 7 and was wondering how to enable vsftpd protection and prevent successfull brute force attack on FTP port 21.

I think i succeeded. Here is what i did:

On official f2b "Vsftpd" wiki page (https://www.fail2ban.org/wiki/index.php/Vsftpd) i read i should try following command to test fail2ban filter (/etc/fail2ban/filter.d/vsftpd.conf) against my vsftpd log file:


fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/vsftpd.conf

i think it should display some matches: "Lines: 1849 lines, 0 ignored, 11 matched, 1838 missed"

(Maybe your vsftpd log entries are not in secure log but in vsftpd.log)

Since i got matches i was thinking that the filter works so i went ahead to enable blocking in f2b.

/etc/fail2ban/fail2ban.conf does not suggest any easy way to enable vsftpd and it states i should use .local file instead of this .conf.


ls -A1 /etc/fail2ban

/etc/fail2ban/jail.local was the only .local file in /etc/fail2ban/

And this is its content after i inserted vsftpd jail (
nano /etc/fail2ban/jail.local):


[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure

[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
sendmail-whois[name=VSFTPD, dest=root, sender=fail2ban]
logpath = /var/log/secure
maxretry = 20
bantime = -1


then i test configuration:

fail2ban-client -t

then i reload f2b to apply the configuration change (enable vsftpd jail):


service fail2ban reload;fail2ban-client status

it shows that the vsftpd protection is active