Secure a web server with Fail2ban on Ubuntu 18.04

angeloma
Senior Writer and partner

Running a web server that hosts your main applications, a website or other services carries a great responsibility. It is therefore necessary to take security measures to protect the server from intruders. Some of these measures are difficult to implement and others are very simple. With this in mind, today I will show you how to secure a web server using Fail2ban.

Fail2ban is an application written in Python that works as an intrusion prevention system. It watches how many times a client tries to access a service on the server and blocks the IP address from which the alleged attack originates. For example, many web servers are accessed over SSH, which makes it one of the most attacked services, so it needs extra protection.

Fail2ban also protects other important services such as FTP, Apache and Courier, among others.

So, let’s install and configure it on Ubuntu 18.04.

1. Upgrade the system

Using Fail2ban is a good way to protect your server, but so is keeping your system up to date. So, run:

:~$ sudo apt update && sudo apt upgrade

Figure 1: Upgrade the system

Now your upgraded system has the security patches properly installed and working.

2. Install Fail2ban on Ubuntu 18.04

The fastest and easiest way to install Fail2ban is to use the official Ubuntu repositories. So it all comes down to this command:

:~$ sudo apt install fail2ban

Figure 2: Install Fail2ban

Once the process is finished, check the installed version.

:~$ fail2ban-server --version

Figure 3: Check the fail2ban version

Finally, start and enable the service to start with the system.

It is also a good idea to check the service status.

:~$ sudo systemctl enable fail2ban
:~$ sudo systemctl start fail2ban
:~$ sudo systemctl status fail2ban

Figure 4: Check the service status

So, that’s it. Let’s configure it.

3. Secure a web server with Fail2ban

The configuration of Fail2ban is really simple and can be found in the text file called jail.conf located in /etc/fail2ban.

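You can edit this file or create a new one. Fail2ban also reads /etc/fail2ban/jail.local, whose settings override jail.conf and are not overwritten by package upgrades.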

So, back up the original file.

:~$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak

Figure 5: Making a backup of the configuration file

Next, open the file, delete everything and just add the following:

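:~$ sudo rm /etc/fail2ban/jail.conf && sudo nano /etc/fail2ban/jail.conf

# Server-wide settings; Fail2ban normally reads these from /etc/fail2ban/fail2ban.conf
[DEFINITION]
loglevel = 3
logtarget = /var/log/fail2ban.log
socket = /var/run/fail2ban/fail2ban.sock

[DEFAULT]
# Addresses that are never banned
ignoreip = 127.0.0.1 192.168.0.50
# Ban length and counting window, both in seconds
bantime = 600
findtime = 600
maxretry = 3
backend = auto
# Default action to take: ban only
action = iptables[name=%(__name__)s, port=%(port)s]

[ssh-iptables]
enabled = true
port = ssh
filter = sshd
# On Ubuntu, sshd authentication messages go to /var/log/auth.log
# (/var/log/secure is the Red Hat / CentOS location)
logpath = /var/log/auth.log
maxretry = 3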

I’ll briefly explain the components of the file:

  • ignoreip: connections from these IP addresses are never banned or blocked. It is convenient to add your public IP address.
  • bantime: the duration of the ban, expressed in seconds. 600 = 10 minutes.
  • findtime: the period, in seconds, within which failed attempts are counted towards maxretry.
  • maxretry: the maximum number of attempts permitted.
  • action: what the program does to secure the web server; here, an iptables rule that bans the address.

Restart the service:

:~$ sudo systemctl restart fail2ban

Figure 7: Restart the service

4. Final configurations

You can also check the Fail2ban log.

:~# cat /var/log/fail2ban.log

Figure 8: Fail2ban log

Now, anyone who fails authentication three times will be banned.
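To see how ignoreip, findtime, maxretry and bantime from the [DEFAULT] section interact, here is an added example (not Fail2ban's own code and not part of the original article): a simplified model of the ban decision run over constructed log lines. The function name simulate, the sample log and the one-pattern regex are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [DEFAULT] section of the jail.conf above
IGNOREIP = {"127.0.0.1", "192.168.0.50"}
FINDTIME = 600  # window, in seconds, in which failures are counted
MAXRETRY = 3    # failures inside that window that trigger a ban
BANTIME = 600   # length of the ban, in seconds

# Constructed sample lines in sshd auth.log style (documentation-range addresses)
SAMPLE_LOG = """\
Jun  1 10:00:00 web sshd[811]: Failed password for root from 203.0.113.7 port 4021 ssh2
Jun  1 10:00:05 web sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Jun  1 10:00:09 web sshd[813]: Failed password for root from 192.168.0.50 port 5000 ssh2
Jun  1 10:00:10 web sshd[814]: Failed password for root from 192.168.0.50 port 5001 ssh2
Jun  1 10:00:11 web sshd[815]: Failed password for root from 192.168.0.50 port 5002 ssh2
Jun  1 10:00:12 web sshd[816]: Failed password for root from 203.0.113.7 port 4023 ssh2
Jun  1 10:01:00 web sshd[817]: Failed password for root from 198.51.100.9 port 6000 ssh2
Jun  1 10:08:00 web sshd[818]: Failed password for root from 198.51.100.9 port 6001 ssh2
Jun  1 10:12:00 web sshd[819]: Failed password for root from 198.51.100.9 port 6002 ssh2
"""

# Simplified stand-in for the sshd filter, which has many more patterns
FAILURE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                     r"Failed password for (?:invalid user )?\S+ from ([\d.]+) ")

def simulate(log_text, year=2020):
    """Return a list of (ip, ban_start, ban_end) for the settings above."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m or m.group(2) in IGNOREIP:
            continue  # not a login failure, or an address listed in ignoreip
        stamp, ip = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if ts < banned_until.get(ip, ts):
            continue  # address is already banned
        recent[ip].append(ts)
        while (ts - recent[ip][0]).total_seconds() > FINDTIME:
            recent[ip].popleft()  # older than findtime, no longer counted
        if len(recent[ip]) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append((ip, ts, banned_until[ip]))
            recent[ip].clear()
    return bans
```

Calling simulate(SAMPLE_LOG) yields a single ban, for 203.0.113.7 from 10:00:12 until 10:10:12. 198.51.100.9 also fails three times, but never three times within 600 seconds, and 192.168.0.50 is exempt because it is listed in ignoreip.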

Conclusion

Protecting your server from a brute force attack is possible with Fail2ban. Best of all, it is a very simple process and very useful for everything it can help us avoid.

So, share this post with your friends.
