Securing vCenter Mobile Access using fail2ban

Securing vCenter Mobile Access using fail2ban

This is a small post which explains how you can secure vCenter Mobile Access (vCMA). For the people who don’t know what vCenter Mobile Access is I suggest you check out the Flings page. People who use the iPad vSphere Client will probably have this Fling running in their environment or lab.

The Fling itself is a CentOS install which has a few ports open to the outside by default. The following commands will help you install Fail2ban and give you the ability to secure these ports (by default SSH only is secured) from login failures, flooding,…

vcma:~# yum install iptables
vcma:~# wget http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
vcma:~# rpm -Uvh epel-release-5-4.noarch.rpm 
vcma:~# yum install fail2ban

And finally you can start the service and see it listed in the iptables list.

vcma:~# /etc/init.d/fail2ban start
Starting fail2ban:                                         [  OK  ]
vcma:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-SSH (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere        

That’s it!

Niels Engelen on GithubNiels Engelen on Twitter
Niels Engelen
Working as a Principal Analyst in Product Management for Veeam Software with an interest in anything virtual and cloud with a strong focus on AWS, Azure and Microsoft 365. He is also a VMware Certified Professional, a Veeam Certified Architect and gained the VMware vExpert award (2012-2022).
Comments are closed.