Saturday, December 5, 2020

Secure a web server with Fail2ban on Ubuntu 18.04

angeloma
Senior Writer and partner

Running a web server that hosts your main applications, a website or other services carries a great responsibility. It is therefore necessary to take many security measures to protect the server from intruders. Some of these measures are difficult to implement and others are very simple. With this in mind, today I will teach you how to secure a web server using Fail2ban.

Fail2ban is an application developed in Python that works as an intrusion prevention system. It watches the number of failed attempts to access a service on the server and blocks the IP address the alleged attack comes from. For example, many web servers are accessed over SSH, so it is one of the most attacked services, and it becomes necessary to protect it further.

In addition, Fail2ban also protects other important services such as FTP, Apache and Courier, among others.

So, let’s install and configure it on Ubuntu 18.04.

1. Upgrade the system

Using Fail2ban is a good way to protect your server, and so is keeping your system up to date. So, run:

:~$ sudo apt update && sudo apt upgrade

[Image: 1. Upgrade the system]

Now your upgraded system has the security patches properly installed and working.

2. Install Fail2ban on Ubuntu 18.04

The fastest and easiest way to install Fail2ban is to use the official Ubuntu repositories. So it all comes down to this command:

:~$ sudo apt install fail2ban

[Image: 2.- Install Fail2ban]

Once the process is finished, check the installed version.

:~$ fail2ban-server --version

[Image: 3.- Check the fail2ban version]

Finally, start and enable the service to start with the system.

It is also a good idea to check the service status.

:~$ sudo systemctl enable fail2ban
:~$ sudo systemctl start fail2ban
:~$ sudo systemctl status fail2ban

[Image: 4.- Check the service status]

So, that’s it. Let’s configure it.

3. Secure a web server with Fail2ban

The configuration of Fail2ban is really simple and can be found in the text file called jail.conf located in /etc/fail2ban.

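You can use this file or create a new one, such as /etc/fail2ban/jail.local, which Fail2ban reads after jail.conf and which package upgrades do not overwrite.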

So, back up the original file.

:~$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak

[Image: 5.- Making a backup of the configuration file]

Next, open the file, delete everything and just add the following:

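:~$ sudo rm /etc/fail2ban/jail.conf && sudo nano /etc/fail2ban/jail.conf

# Daemon settings; Fail2ban normally reads these from the [Definition]
# section of /etc/fail2ban/fail2ban.conf
[DEFINITION]
loglevel = 3
logtarget = /var/log/fail2ban.log
socket = /var/run/fail2ban/fail2ban.sock

[DEFAULT]
# Addresses that are never banned (space separated)
ignoreip = 127.0.0.1 192.168.0.50
# Ban duration and failure-counting window, in seconds
bantime = 600
findtime = 600
maxretry = 3
backend = auto
# Default action to take: ban only
action = iptables[name=%(__name__)s, port=%(port)s]

[ssh-iptables]
enabled = true
port = ssh
filter = sshd
# sshd authentication log on Ubuntu (/var/log/secure is the RHEL/CentOS path)
logpath = /var/log/auth.log
maxretry = 3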

I’ll explain briefly the components of the file:

  • ignoreip: connections from these IP addresses are never banned or blocked. It is convenient to add your public IP address.
  • bantime: the duration of the ban, expressed in seconds. 600 = 10 minutes.
  • maxretry: the maximum number of failed attempts permitted within findtime seconds before the address is banned.
  • action: what Fail2ban does when it bans an address; here it adds an iptables rule for the jail's port.
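To see how maxretry, findtime, bantime and ignoreip interact, the following added example (not part of Fail2ban or of the original article) replays constructed auth.log lines through a simplified model of the jail above. The regular expression is a one-pattern stand-in for the real sshd filter, and the function name simulate is an assumption of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the jail.conf above
IGNOREIP = {"127.0.0.1", "192.168.0.50"}
MAXRETRY, FINDTIME, BANTIME = 3, timedelta(seconds=600), timedelta(seconds=600)

# Simplified stand-in for the sshd filter (assumption: one pattern only)
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port")

SAMPLE = """\
Dec  5 10:00:00 web sshd[1001]: Failed password for root from 203.0.113.7 port 50001 ssh2
Dec  5 10:00:02 web sshd[1002]: Failed password for bob from 198.51.100.9 port 50002 ssh2
Dec  5 10:00:05 web sshd[1003]: Failed password for invalid user admin from 203.0.113.7 port 50003 ssh2
Dec  5 10:00:09 web sshd[1004]: Failed password for root from 203.0.113.7 port 50004 ssh2
Dec  5 10:00:20 web sshd[1005]: Failed password for root from 192.168.0.50 port 50005 ssh2
Dec  5 10:00:21 web sshd[1006]: Failed password for root from 192.168.0.50 port 50006 ssh2
Dec  5 10:00:22 web sshd[1007]: Failed password for root from 192.168.0.50 port 50007 ssh2
Dec  5 10:06:00 web sshd[1008]: Failed password for bob from 198.51.100.9 port 50008 ssh2
Dec  5 10:12:00 web sshd[1009]: Failed password for bob from 198.51.100.9 port 50009 ssh2
""".splitlines()   # constructed auth.log lines, documentation address ranges

def simulate(lines, year=2020):
    """Return (ip, banned_at, unbanned_at) for every ban the jail would issue."""
    # recent: ip -> times of failures still inside findtime
    recent, banned_until, bans = defaultdict(deque), {}, []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in IGNOREIP or banned_until.get(ip, when) > when:
            continue              # whitelisted, or still blocked by iptables
        window = recent[ip]
        window.append(when)
        while when - window[0] > FINDTIME:
            window.popleft()      # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = when + BANTIME
            bans.append((ip, when, when + BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

Only 203.0.113.7 is banned: 192.168.0.50 is listed in ignoreip, and the three failures from 198.51.100.9 are spread over more than findtime, so they never add up to maxretry.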

Restart the service:

:~$ sudo systemctl restart fail2ban

[Image: 7.- Restart the service]

4. Final configurations

You can also check the Fail2ban log.

:~# cat /var/log/fail2ban.log

[Image: 8.- Fail2ban log]

Now, anyone who fails authentication three times will be banned.

Conclusion

Protecting your server from a brute-force attack is possible with Fail2ban. Best of all, it is a very simple process and very useful given everything it can help us avoid.

So, share this post with your friends.
