Securing vCenter Mobile Access using fail2ban

This is a small post which explains how you can secure vCenter Mobile Access (vCMA). For the people who don’t know what vCenter Mobile Access is I suggest you check out the Flings page. People who use the iPad vSphere Client will probably have this Fling running in their environment or lab.

The Fling itself is a CentOS install which has a few ports open to the outside by default. The following commands will help you install Fail2ban and give you the ability to secure these ports (by default SSH only is secured) from login failures, flooding,…

vcma:~# yum install iptables
vcma:~# wget http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
vcma:~# rpm -Uvh epel-release-5-4.noarch.rpm 
vcma:~# yum install fail2ban

And finally you can start the service and see it listed in the iptables list.

vcma:~# /etc/init.d/fail2ban start
Starting fail2ban:                                         [  OK  ]
vcma:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-SSH (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere        

That’s it!

Niels Engelen
Working as a pre-sales with an interest for anything virtual and cloud. Certified as a VMware Certified Professional 4, 5 & 6. Niels also gained the VMware vExpert award (2012-2017) and is an ex-PernixPro.