Secure a web server with Fail2ban on Ubuntu 18.04


Running a web server that hosts your main applications, websites, or other services carries a great responsibility. It is therefore necessary to take security measures to protect the server from intruders. Some of these measures are difficult to implement and others are very simple. With this in mind, today I will show you how to secure a web server using Fail2ban.

Fail2ban is an application developed in Python that works as an intrusion prevention system. It watches the number of failed attempts to access a service on the server and blocks the IP address the alleged attack comes from. For example, many web servers are accessed over SSH, which makes it one of the most attacked services, so it needs additional protection.

In addition, Fail2ban also protects other important services such as FTP, Apache, and Courier, among others.

So, let’s install and configure it on Ubuntu 18.04.

1. Upgrade the system

Fail2ban is a good way to protect your server, but so is keeping the system up to date. So, run:

:~$ sudo apt update && sudo apt upgrade

Now your upgraded system has the security patches properly installed and working.

2. Install Fail2ban on Ubuntu 18.04

The fastest and easiest way to install Fail2ban is to use the official Ubuntu repositories. So it all comes down to this command:

:~$ sudo apt install fail2ban

Once the process is finished, check the installed version.

 

:~$ fail2ban-server --version

Finally, start and enable the service to start with the system.

It is also a good idea to check the service status.

:~$ sudo systemctl enable fail2ban
:~$ sudo systemctl start fail2ban
:~$ sudo systemctl status fail2ban

So, that’s it. Let’s configure it.

3. Secure a web server with Fail2ban

The configuration of Fail2ban is really simple and can be found in the text file called jail.conf located in /etc/fail2ban.

You can use this file or create a new one.

So, back up the original file.

:~$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak

Next, open the file, delete everything and just add the following:

:~$ sudo rm /etc/fail2ban/jail.conf && sudo nano /etc/fail2ban/jail.conf

# General server settings (these normally live in /etc/fail2ban/fail2ban.conf)
[DEFINITION]
loglevel = 3
logtarget = /var/log/fail2ban.log
socket = /var/run/fail2ban/fail2ban.sock

[DEFAULT]
ignoreip = 127.0.0.1 192.168.0.50
bantime = 600
findtime = 600
maxretry = 3
backend = auto
# Default action to take: ban only
action = iptables[name=%(__name__)s, port=%(port)s]

[ssh-iptables]
enabled = true
port = ssh
filter = sshd
# Ubuntu writes sshd authentication messages to /var/log/auth.log
logpath = /var/log/auth.log
maxretry = 3

I’ll briefly explain the components of the file:

  • ignoreip: IP addresses that will never be banned or blocked. It is convenient to add your public IP address.
  • bantime: the duration of the ban, expressed in seconds. 600 = 10 minutes.
  • maxretry: the maximum number of failed attempts permitted.
  • action: what the program will do to secure the web server; here, ban the address with iptables.
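
To see how ignoreip, findtime, maxretry and bantime interact, the following added example (not part of the original article and not Fail2ban's own code) replays a few constructed sshd log lines through the same thresholds. The regular expression is a simplified stand-in for the sshd filter, and the host name, users and addresses are made up.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

IGNOREIP = {"127.0.0.1", "192.168.0.50"}  # values copied from [DEFAULT] above
FINDTIME = 600   # seconds: window in which failures are counted
MAXRETRY = 3     # failures inside the window that trigger a ban
BANTIME = 600    # seconds the ban lasts

# Simplified stand-in for the sshd filter (assumption, not Fail2ban's regex).
FAILURE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) "
)

# Constructed sample lines in sshd syslog format (documentation addresses).
SAMPLE_LOG = """\
Mar  4 10:00:01 web sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  4 10:00:05 web sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  4 10:00:09 web sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  4 10:01:00 web sshd[820]: Failed password for alice from 198.51.100.9 port 51000 ssh2
Mar  4 10:02:00 web sshd[830]: Failed password for bob from 192.168.0.50 port 60000 ssh2
Mar  4 10:02:05 web sshd[830]: Failed password for bob from 192.168.0.50 port 60000 ssh2
Mar  4 10:02:10 web sshd[830]: Failed password for bob from 192.168.0.50 port 60000 ssh2
Mar  4 10:09:00 web sshd[821]: Failed password for alice from 198.51.100.9 port 51004 ssh2
Mar  4 10:12:00 web sshd[822]: Failed password for alice from 198.51.100.9 port 51010 ssh2
"""

def simulate(log_text, year=2024):
    """Return {ip: (ban_start, ban_end)}; syslog stamps carry no year, so pass one."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    bans = {}
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m or m.group(2) in IGNOREIP:
            continue  # not a failure line, or an address listed in ignoreip
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip, window = m.group(2), recent[m.group(2)]
        if ip in bans and ts < bans[ip][1]:
            continue  # still banned: the firewall would drop this attempt
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + timedelta(seconds=BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG))
```

Only 203.0.113.7 is banned: 192.168.0.50 is listed in ignoreip, and the three failures from 198.51.100.9 are spread over more than findtime seconds, so the count never reaches maxretry.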

Restart the service:

:~$ sudo systemctl restart fail2ban

4. Final configurations

You can also check the Fail2ban log.

:~$ sudo cat /var/log/fail2ban.log

Now, when somebody fails authentication three times, their IP address will be banned.

Conclusion

Protecting your server from a brute force attack is possible with Fail2ban. Best of all, it is a very simple process and very useful for everything it helps us avoid.

So, share this post with your friends.
