The Customize Windows

Technology Journal


By Abhishek Ghosh August 17, 2015 9:58 pm Updated on August 17, 2015

Installing Fail2ban on Ubuntu 14.04 : Nginx, HP Cloud

Here is a guide with steps for installing Fail2ban on Ubuntu 14.04 on a server running Nginx on HP Cloud. It adds a layer of security to SSH. HP Cloud has key-based login and an excellent virtual router where we can control the ingress and egress policies. We have shown before how to add port knocking to hide the SSH daemon. Fail2ban is another way to add security. This guide is intended for advanced users.

Installing Fail2ban on Ubuntu 14.04 : Preface

Fail2ban is intrusion prevention software that protects servers from brute-force attacks. Fail2ban is written in Python. It monitors log files for selected entries and runs scripts in response. Most commonly it is used to block selected IP addresses that may be trying to breach security. It can ban any IP that makes too many login attempts or performs any other action within a time frame defined by the sysadmin. The standard configuration ships with filters for Apache, Lighttpd etc. Filters are defined by Python regexes.

Fail2ban automatically alters the iptables firewall configuration; this is how the server responds to illegitimate attempts in an automated way. We talked about jailed shell before.

Installing Fail2ban on Ubuntu 14.04 : Nginx, HP Cloud

We suggest taking a snapshot of the running server if it is a live website, as described in Disaster Management using OpenStack Raksha and Floating IP.

First run update and then install Fail2ban :

apt update -y && apt-get install fail2ban

You can run cat on this file :

cat /etc/fail2ban/jail.conf

to check the contents. We need to copy it to /etc/fail2ban/jail.local and edit it :

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
nano /etc/fail2ban/jail.local

Find the section named [DEFAULT]; localhost should not be banned :

ignoreip = 127.0.0.1/8

The [DEFAULT] section, excluding the commented-out lines, looks like this :

[DEFAULT]
 
ignoreip = 127.0.0.1/8
bantime = 600
findtime = 600
maxretry = 3
backend = auto
usedns = warn
destemail = root@localhost
sendername = Fail2Ban
banaction = iptables-multiport
mta = sendmail
protocol = tcp
chain = INPUT
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
          %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
           %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]
action = %(action_)s

There are three parameters you must know about – bantime, maxretry and findtime.

The bantime parameter sets the length of time for which a client is banned after failing to authenticate. By default, this is set to 600 seconds. maxretry sets the number of tries a client can make within the time frame defined by findtime before getting banned. By default, the fail2ban service will ban a client that fails to log in 3 times within a 10 minute time frame.

...
bantime = 600
...
findtime = 600
maxretry = 3
...
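
The counting rule described above, as an added example that is not part of the original article or of Fail2ban's own code: a small Python simulation that applies the ignoreip, findtime, maxretry and bantime values from the [DEFAULT] section to auth.log-style lines. The regex is a simplified stand-in for a real filter, and the log lines, host name and addresses are constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the [DEFAULT] section above.
IGNOREIP = [ipaddress.ip_network("127.0.0.1/8", strict=False)]
BANTIME, FINDTIME, MAXRETRY = 600, 600, 3

# Simplified stand-in for a filter regex (assumption, not the shipped sshd filter).
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<host>\d+\.\d+\.\d+\.\d+) ")

# Constructed auth.log-style lines; the addresses are documentation ranges.
SAMPLE_LOG = """\
Aug 17 21:00:00 web1 sshd[1201]: Failed password for root from 203.0.113.5 port 40001 ssh2
Aug 17 21:00:05 web1 sshd[1202]: Failed password for admin from 127.0.0.1 port 40002 ssh2
Aug 17 21:00:06 web1 sshd[1203]: Failed password for admin from 127.0.0.1 port 40003 ssh2
Aug 17 21:00:07 web1 sshd[1204]: Failed password for admin from 127.0.0.1 port 40004 ssh2
Aug 17 21:00:30 web1 sshd[1205]: Failed password for invalid user test from 198.51.100.7 port 40005 ssh2
Aug 17 21:01:00 web1 sshd[1206]: Failed password for root from 203.0.113.5 port 40006 ssh2
Aug 17 21:02:00 web1 sshd[1207]: Failed password for root from 203.0.113.5 port 40007 ssh2
Aug 17 21:06:00 web1 sshd[1208]: Failed password for invalid user test from 198.51.100.7 port 40008 ssh2
Aug 17 21:11:00 web1 sshd[1209]: Failed password for invalid user test from 198.51.100.7 port 40009 ssh2
"""

def simulate(log_text, year=2015):
    """Return [(ip, banned_at, unbanned_at)] for the failures found in log_text."""
    failures = defaultdict(deque)   # ip -> failure times still inside findtime
    bans = []
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if not m:
            continue                # line does not match the filter
        ip = ipaddress.ip_address(m.group("host"))
        if any(ip in net for net in IGNOREIP):
            continue                # ignoreip: never counted, never banned
        now = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        window = failures[ip]
        window.append(now)
        while (now - window[0]).total_seconds() > FINDTIME:
            window.popleft()        # older than findtime: no longer counted
        if len(window) >= MAXRETRY:
            unban = now + timedelta(seconds=BANTIME)
            bans.append((str(ip), f"{now:%H:%M:%S}", f"{unban:%H:%M:%S}"))
            window.clear()          # the firewall rule now drops this client
    return bans
```

Calling simulate(SAMPLE_LOG) reports a single ban, for 203.0.113.5. The failures from 198.51.100.7 are spread over more than findtime seconds, so they are never counted together, and 127.0.0.1 is covered by ignoreip.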

There will be a section named [SSH]. It must be enabled :

enabled = true

Before going to the Nginx-related settings, one note: the /etc/fail2ban/filter.d directory keeps the filters. There should be a section named [nginx-http-auth] in /etc/fail2ban/jail.local; it should look like this :

[nginx-http-auth]

enabled = true
filter  = nginx-http-auth
port    = http,https
logpath = /var/log/nginx/error.log

where /var/log/nginx/error.log is the actual Nginx error log. To force the automation at the firewall, we need to install :

apt-get install iptables-persistent

We are providing a set of commands for basic security :

sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -j DROP

Stop the service and start it :

service fail2ban stop && service fail2ban start

Check the iptables rules :

sudo iptables -S

You can check this file by running cat :

cat /etc/fail2ban/action.d/iptables-multiport.conf

It is beyond our scope to customize Fail2ban extensively for your needs; you should look at the official website and read the Fail2ban manual. For example, we have not talked about :


Hello! I Want To Use Fail2ban With ufw

As Fail2ban uses iptables and inserts its rules first in the INPUT chain, it might not get integrated if ufw is running. To fully integrate Fail2ban so that it uses ufw rather than iptables, you will need to edit :

nano /etc/fail2ban/jail.conf

the [ssh] section should look like this :

[ssh]
enabled = true
banaction = ufw-ssh
port = 2992
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

then :

nano /etc/fail2ban/action.d/ufw-ssh.conf

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip> to any app OpenSSH
actionunban = ufw delete deny from <ip> to any app OpenSSH

About This Article

Title: Installing Fail2ban on Ubuntu 14.04 : Nginx, HP Cloud
August 17, 2015
Author: Abhishek Ghosh
Subjects: Cloud Computing, Computer and Internet
Is Part Of:

TheCustomizeWindows, August 17, 2015, Vol.1(01),
p.1–39075 [IoT Ready Journal]

Source:The Customize Windows
ISSN: 0019-5847 ;
E-ISSN: 0019-5847 ;
Publisher: jima.in

Cite this article as: Abhishek Ghosh, "Installing Fail2ban on Ubuntu 14.04 : Nginx, HP Cloud," in The Customize Windows, August 17, 2015, April 22, 2018, https://thecustomizewindows.com/2015/08/installing-fail2ban-on-ubuntu-14-04-nginx-hp-cloud/.