
By Abhishek Ghosh August 17, 2015 9:58 pm Updated on August 17, 2015

Installing Fail2ban on Ubuntu 14.04 : Nginx, HP Cloud

Here is a step-by-step guide to installing Fail2ban on Ubuntu 14.04 on a server running Nginx on HP Cloud. It adds a layer of security to SSH. HP Cloud has key-based login and an excellent virtual router where we can control the ingress and egress policies. We have shown before how to add port knocking to hide the SSH daemon. Fail2ban is another way to add security. This guide is intended for advanced users.

 

Installing Fail2ban on Ubuntu 14.04 : Preface

 

Fail2ban is intrusion prevention software that protects servers from brute-force attacks. It is written in Python. Fail2ban monitors log files for selected entries and runs scripts in response. Most commonly it is used to block selected IP addresses that may be trying to breach security. It can ban any IP that makes too many login attempts or performs any other action within a time frame defined by the sysadmin. The standard configuration ships with filters for Apache, Lighttpd etc. Filters are defined by Python regexes.

Fail2ban automatically alters the iptables firewall configuration; this is how the server responds to illegitimate attempts in an automated way. We talked about jailed shell before.

 

Installing Fail2ban on Ubuntu 14.04 : Nginx, HP Cloud

 

We suggest taking a snapshot of the running server if it is a live website, as described in Disaster Management using OpenStack Raksha and Floating IP.

First run update and then install Fail2ban :

apt update -y && apt-get install fail2ban

You can run cat on this file :

cat /etc/fail2ban/jail.conf

to check the contents. We need to copy it to /etc/fail2ban/jail.local and edit it :

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
nano /etc/fail2ban/jail.local

Find the section named [DEFAULT]. Localhost should not be banned :

ignoreip = 127.0.0.1/8

The [DEFAULT] section, excluding the commented-out lines, looks like this :

[DEFAULT]
 
ignoreip = 127.0.0.1/8
bantime = 600
findtime = 600
maxretry = 3
backend = auto
usedns = warn
destemail = root@localhost
sendername = Fail2Ban
banaction = iptables-multiport
mta = sendmail
protocol = tcp
chain = INPUT
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
          %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
           %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]
action = %(action_)s

There are three parameters you must know about – bantime, maxretry and findtime.

The bantime parameter sets the length of time for which a client is banned after failing to authenticate. By default, this is set to 600 seconds. maxretry sets the number of tries a client can make within the time frame defined by findtime before getting banned. By default, the fail2ban service will ban a client that unsuccessfully attempts to log in 3 times within a 10-minute time frame.

...
bantime = 600
...
findtime = 600
maxretry = 3
...
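
To see how findtime, maxretry, bantime and ignoreip interact, here is an added Python example (not part of the original article and not Fail2ban's own code) that replays constructed Nginx error.log lines through the values above. The regex is a simplified stand-in for a basic-auth failure filter; the log lines, IP addresses and function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [DEFAULT] section shown in this guide.
BANTIME, FINDTIME, MAXRETRY = 600, 600, 3
IGNOREIP = [ipaddress.ip_network("127.0.0.1/8", strict=False)]

# Simplified stand-in for a basic-auth failure filter (assumption: not the shipped regex).
FAILREGEX = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[error\] \d+#\d+: \*\d+ user "[^"]*"'
    r'(?:: password mismatch| was not found in "[^"]*"), client: (?P<ip>[0-9a-fA-F.:]+),')

def simulate(lines, bantime=BANTIME, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return [(ip, ban_start, ban_end)] for nginx error.log lines in time order."""
    failures = defaultdict(deque)   # ip -> times of failures inside findtime
    banned_until = {}               # ip -> time the current ban expires
    bans = []
    for line in lines:
        m = FAILREGEX.search(line)
        if not m:
            continue                # not an authentication failure
        ip = ipaddress.ip_address(m.group("ip"))
        now = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
        if any(ip in net for net in IGNOREIP) or now < banned_until.get(ip, now):
            continue                # ignoreip entry, or already banned (firewall drops it)
        window = failures[ip]
        window.append(now)
        while now - window[0] > timedelta(seconds=findtime):
            window.popleft()        # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = now + timedelta(seconds=bantime)
            bans.append((str(ip), now, banned_until[ip]))
            window.clear()          # counting starts again after a ban
    return bans

def _line(ts, ip, msg='user "admin": password mismatch'):  # one constructed log line
    return f'{ts} [error] 1234#0: *1 {msg}, client: {ip}, server: example.com, request: "GET / HTTP/1.1"'

SAMPLE_LOG = (  # constructed sample input, not real traffic
    [_line(f"2015/08/17 21:{m}:00", "198.51.100.9") for m in ("00", "06", "12")]  # too slow
    + [_line(f"2015/08/17 21:30:0{s}", "127.0.0.1") for s in range(3)]            # ignoreip
    + [_line("2015/08/17 21:58:00", "203.0.113.7"),
       _line("2015/08/17 21:58:30", "203.0.113.7", 'user "root" was not found in "/etc/nginx/.htpasswd"'),
       _line("2015/08/17 21:59:00", "203.0.113.7"), _line("2015/08/17 21:59:10", "203.0.113.7")])

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG))
```

With the values above, only 203.0.113.7 is banned, from 21:59:00 until 22:09:00; the client whose three failures are spread over 12 minutes and the localhost entries are not.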

There will be a section named [ssh]. It must be enabled :

enabled = true

Before going to the Nginx-related settings, one note: the /etc/fail2ban/filter.d directory holds the filters. There should be a section named [nginx-http-auth] in /etc/fail2ban/jail.local; it should look like this :

[nginx-http-auth]
 
enabled = true
filter  = nginx-http-auth
port    = http,https
logpath = /var/log/nginx/error.log

where /var/log/nginx/error.log is the actual Nginx error log. To automate the firewall rules, we need to install :

apt-get install iptables-persistent

We are providing a set of commands for basic security :

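# Allow loopback traffic
sudo iptables -A INPUT -i lo -j ACCEPT
# Allow packets that belong to already established connections
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow SSH (22) and HTTP (80)
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Drop everything else, including HTTPS (443), which has no ACCEPT rule above
sudo iptables -A INPUT -j DROP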

Stop the service and start it :

service fail2ban stop && service fail2ban start

Check the iptables rules :

sudo iptables -S

You can check this file by running cat :

cat /etc/fail2ban/action.d/iptables-multiport.conf

Customizing Fail2ban extensively for your needs is beyond our scope; you should look at the official website and read the Fail2ban manual. For example, we have not talked about :

 

Hello! I Want To Use Fail2ban With ufw

 

As Fail2ban uses iptables and inserts its rules first in the INPUT chain, it might not get integrated if ufw is running. To fully integrate Fail2ban so that it uses ufw rather than iptables, you will need to edit :

nano /etc/fail2ban/jail.conf

the [ssh] section should look like this :

[ssh]
enabled = true
banaction = ufw-ssh
port = 2992
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

then :

nano /etc/fail2ban/action.d/ufw-ssh.conf

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any app OpenSSH
actionunban = ufw delete deny from <ip> to any app OpenSSH

About This Article

Cite this article as: Abhishek Ghosh, "Installing Fail2ban on Ubuntu 14.04 : Nginx, HP Cloud," in The Customize Windows, August 17, 2015, May 25, 2022, https://thecustomizewindows.com/2015/08/installing-fail2ban-on-ubuntu-14-04-nginx-hp-cloud/.
