Puttygen example

install-epel-releaseIn week 4, I had setup a Secure Shell (SSH) Protocol to enable remote feature. This week, I added more features to enhance security for my email server.

Fail2ban

First feature I added was Fail2ban; Fail2ban is a service that protects computer servers, especially when it deals with brute force attacks. By configuring Fail2ban rules, IP addresses will be rejected a certain amount of time if the number of unsuccessful login attempts and it will also send an email to notify the administrator if there had been a failed login.

Since Fail2ban is not available in the default repository, I had to install Extra Packages for Enterprise Linux (EPEL) and then install Fail2ban.

finish-installing-fail2ban-packages# yum install epel-release

# yum install fail2ban

# systemctl enable fail2ban

Configure Local settings

# vim /etc/fail2ban/jail.local

With this configuration, clients will be banned for 600 seconds if they reach 3 unsuccessful login attempts in 600 seconds. Moreover, by checking log under # /var/log/fail2ban.log, the administrator will able to see the details of any bans, unbans and attempted login activities.

fail2ban-local-settingsExample of banned IP address for 600 seconds as shown below:

Disable root access to harden server

Second thing I had to setup was to disable root login and created a normal account with root permission because login as root can do anything; for example, system will execute things without asking root and perhaps sometimes people may execute commands too fast without thinking about the consequence.

Create public key and private key to login to CentOS server

Last thing I did was adding another layer of security to CentOS server, which was to create a public key and private key. By using PuTTYgen I was able to create a public key and config it to server and a private key for myself to login to server.

Puttygen program

Puttygen online

Puttygen exe

Puttygen download

Puttygen.exe help