How to Safeguard Your Ubuntu 22.04 Server with UFW Firewall and Fail2ban

 Thanks to: https://shape.host/

In today’s digital landscape, securing your server against malicious login attempts and brute-force attacks is of utmost importance. One effective tool for Linux servers is Fail2ban, a free and open-source Intrusion Prevention Software (IPS). Fail2ban is written in Python and offers filters for various services such as Apache2, SSH, FTP, and more. By scanning log files and identifying malicious login attempts, Fail2ban blocks the IP addresses of the attackers, effectively reducing the risk of unauthorized access.

In this comprehensive guide, we will walk you through the process of installing and configuring Fail2ban on your Ubuntu 22.04 server. We will cover everything from setting up the UFW Firewall to managing Fail2ban using the fail2ban-client command. By the end of this tutorial, you will have a secure and well-protected server, shielded from potential threats.

Prerequisites

Before we dive into the installation process, make sure you have the following prerequisites:

  • An Ubuntu 22.04 server
  • A non-root user with sudo privileges

Setting Up the UFW Firewall

Before installing Fail2ban, it’s essential to set up the UFW Firewall on your Ubuntu server. The UFW Firewall is the default firewall for Ubuntu, offering a user-friendly interface for managing firewall rules.

To check the status of your UFW Firewall, run the following command:

sudo ufw status

If the status is shown as “inactive,” it means that your UFW Firewall is not yet started. If the ufw command is not found at all, install the package by running the following command:

sudo apt install ufw -y

Once the installation is complete, add the SSH service to the UFW Firewall before enabling it, so that the firewall does not block your own SSH session:

sudo ufw allow ssh

To start and enable the UFW Firewall, use the following command:

sudo ufw enable

Confirm your action by typing “y” and hitting Enter. You can then verify the UFW Firewall status by running:

sudo ufw status

You should see a message stating “Status: active” with the SSH port 22 added to the firewall rules.

Installing Fail2ban on Ubuntu 22.04

Now that the UFW Firewall is set up, you can proceed with the installation of Fail2ban. Begin by updating and refreshing your Ubuntu repository:

sudo apt update

Once the update is complete, install the Fail2ban package by running the following command:

sudo apt install fail2ban -y

After the installation finishes, enable and start the Fail2ban service with the following commands:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

To verify the status of the Fail2ban service, use the command:

sudo systemctl status fail2ban

You should see a message indicating that the Fail2ban service is running on your Ubuntu 22.04 server.

Configuring Fail2ban

With Fail2ban successfully installed, it’s time to configure the software to meet your specific needs. All Fail2ban configuration files are stored in the /etc/fail2ban directory. Let’s explore the key configuration files and settings.

  • fail2ban.conf: The main configuration file for Fail2ban.
  • jail.conf: An example of the Fail2ban jail configuration.
  • action.d: Contains Fail2ban action settings, such as mail and firewall settings.
  • jail.d: Contains additional configuration for Fail2ban jails.

To begin the configuration process, make a copy of the default jail configuration file (jail.conf) and name it jail.local:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Next, open the jail.local configuration file using the nano editor:

sudo nano /etc/fail2ban/jail.local

Inside this file, you can make various adjustments to customize Fail2ban according to your requirements. Let’s explore some important configurations you should consider.

IP Whitelisting

By uncommenting the ignoreip option and adding your IP address, you can ensure that Fail2ban will not block your own IP. For example:

ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24 192.168.10.20

Replace the example IP addresses with your own.

Ban Settings

You can customize the ban settings to suit your needs. For instance, you can adjust the bantime, findtime, and maxretry options. Here’s an example configuration:

bantime = 1d
findtime = 10m
maxretry = 5

In this example, the bantime is set to 1 day, the findtime is set to 10 minutes, and the maxretry is set to 5 attempts.

Email Notification

Fail2ban can be configured to send email notifications whenever an IP address is banned. To enable this feature, modify the action option in the configuration file. You can also specify the sender and destination email addresses:

action = %(action_mw)s
destemail = test@example.com
sender = test@example.com

Replace the example email addresses with your own.

Firewall Integration

Fail2ban supports multiple firewall backends, including iptables, UFW, and firewalld. To integrate Fail2ban with UFW, change the banaction option to ufw:

banaction = ufw

Jails Configuration

The jails section in the configuration file allows you to secure specific services using Fail2ban. For example, to enable the SSH jail, use the following configuration:

[sshd]
enabled = true
maxretry = 3
findtime = 1d
bantime = 1w
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s

In this example, the SSH jail is enabled, with a maximum retry count of 3, a findtime of 1 day, and a bantime of 1 week.

Save and close the configuration file when you’re done. To apply the changes, restart the Fail2ban service:

sudo systemctl restart fail2ban
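
How maxretry, findtime and ignoreip interact is easier to see on sample data. The following is an added example, not part of the original guide and not Fail2ban's own code: a simplified Python model of the failure window, run over constructed sshd log lines. The names to_seconds, simulate, line, SAMPLE and IGNORE are hypothetical, and only the s, m, h, d and w duration suffixes are handled.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def to_seconds(value):
    """Convert a duration such as '10m', '1d' or '600' to seconds."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.strip())
    if not m:
        raise ValueError(f"unsupported duration: {value!r}")
    return int(m.group(1)) * UNITS.get(m.group(2), 1)

def simulate(lines, maxretry, findtime, ignoreip, year=2024):
    """Return {ip: time of ban}; syslog lines carry no year, so one is assumed."""
    window = timedelta(seconds=to_seconds(findtime))
    # A malformed entry (e.g. two addresses fused together) raises ValueError here.
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip.split()]
    recent, banned = defaultdict(deque), {}
    for text in lines:
        m = FAILED.match(text)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        addr = m.group(2)
        if addr in banned or any(ipaddress.ip_address(addr) in net for net in ignored):
            continue
        hits = recent[addr]
        hits.append(when)
        while when - hits[0] > window:  # drop failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            banned[addr] = when
    return banned

def line(hms, ip):  # builds one constructed sshd log line, not real log data
    return f"Jan 10 {hms} srv sshd[4242]: Failed password for root from {ip} port 40022 ssh2"

SAMPLE = (
    [line(f"03:0{i}:00", "203.0.113.7") for i in range(5)]             # 5 failures in 4 minutes
    + [line(f"04:{i * 12:02d}:00", "198.51.100.23") for i in range(5)]  # one every 12 minutes
    + [line(f"05:00:0{i}", "192.168.1.50") for i in range(6)]           # fast, but in ignoreip
)
IGNORE = "127.0.0.1/8 ::1 192.168.1.0/24 192.168.10.20"

if __name__ == "__main__":
    print(simulate(SAMPLE, 5, "10m", IGNORE), simulate(SAMPLE, 3, "1d", IGNORE))
```

With the ban settings maxretry = 5 and findtime = 10m, only the fast source is banned; with the sshd jail values maxretry = 3 and findtime = 1d, the slow source is banned as well, while the address covered by ignoreip is never banned.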

Verifying Fail2ban Status using fail2ban-client

The fail2ban-client command-line tool allows you to interact with the Fail2ban service and manage its jails. You can use this tool to verify the installation and configuration of Fail2ban.

To check if Fail2ban is running without errors, ping the Fail2ban server:

sudo fail2ban-client ping

If the server replies with “pong,” it means that Fail2ban is running correctly.

To view the status of a specific jail, such as the SSH jail, use the following command:

sudo fail2ban-client status sshd

This command provides detailed information about the jail, including the log file for the service and the list of banned IP addresses.

You can also use the fail2ban-client command to retrieve specific configuration values. For example, to check the bantime configuration for the SSH jail, use:

sudo fail2ban-client get sshd bantime

The output will display the bantime value in seconds.

Similarly, you can retrieve other configuration values such as maxretry, banaction, findtime, and ignoreip using the appropriate fail2ban-client commands.

Banning and Unbanning IP Addresses

One of the most crucial features of Fail2ban is the ability to ban and unban IP addresses. You can use the fail2ban-client command for these operations as well.

To ban an IP address manually in the SSH jail, use the following command:

sudo fail2ban-client set sshd banip IP-ADDRESS

Replace “IP-ADDRESS” with the actual IP address you want to ban.

To unban an IP address from the SSH jail, use the command:

sudo fail2ban-client set sshd unbanip IP-ADDRESS

Again, replace “IP-ADDRESS” with the IP address you want to unban.

To verify whether an IP address has been successfully banned or unbanned, use the following command:

sudo fail2ban-client status sshd

Make sure the IP address appears in the list of banned IP addresses when banning, and disappears when unbanning.

Conclusion

Congratulations! You have successfully installed and configured Fail2ban on your Ubuntu 22.04 server, significantly enhancing its security. By combining Fail2ban with the UFW Firewall, you have created a robust defense against malicious login attempts and brute-force attacks. You have also learned how to manage Fail2ban using the fail2ban-client command, including how to ban and unban IP addresses.

Remember, securing your server is a continuous process. Regularly monitor Fail2ban’s logs and adjust its configuration as needed to adapt to new threats. By taking these proactive security measures, you can ensure the safety and integrity of your Ubuntu 22.04 server.

