How to Safeguard Your Ubuntu 22.04 Server with UFW Firewall and Fail2ban
Thanks to: https://shape.host/
In today’s digital landscape, securing your server against malicious login attempts and brute-force attacks is of utmost importance. One effective tool for Linux servers is Fail2ban, a free and open-source Intrusion Prevention Software (IPS). Fail2ban is written in Python and offers filters for various services such as Apache2, SSH, FTP, and more. By scanning log files and identifying malicious login attempts, Fail2ban blocks the IP addresses of the attackers, effectively reducing the risk of unauthorized access.
In this comprehensive guide, we will walk you through the process of installing and configuring Fail2ban on your Ubuntu 22.04 server. We will cover everything from setting up the UFW Firewall to managing Fail2ban using the fail2ban-client command. By the end of this tutorial, you will have a secure and well-protected server, shielded from potential threats.
Prerequisites
Before we dive into the installation process, make sure you have the following prerequisites:
- An Ubuntu 22.04 server
- A non-root user with sudo privileges
Setting Up the UFW Firewall
Before installing Fail2ban, it’s essential to set up the UFW Firewall on your Ubuntu server. The UFW Firewall is the default firewall for Ubuntu, offering a user-friendly interface for managing firewall rules.
To check the status of your UFW Firewall, run the following command:
sudo ufw status
If the status is shown as “inactive,” your UFW Firewall is not yet running. If the ufw package is missing, install it by running the following command:
sudo apt install ufw -y
Once the installation is complete, you can add the SSH service to the UFW Firewall using the command:
sudo ufw allow ssh
To start and enable the UFW Firewall, use the following command:
sudo ufw enable
Confirm your action by typing “y” and hitting Enter. You can then verify the UFW Firewall status by running:
sudo ufw status
You should see a message stating “Status: active” with the SSH port 22 added to the firewall rules.
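Before handing bans to UFW later on, it is worth confirming in a script (rather than by eye) that the firewall is active and that an ALLOW rule for the SSH port exists, since enabling UFW without that rule would cut off your own session. The following added example is not part of the original article; it parses the text printed by “sudo ufw status” and the sample outputs embedded in it are constructed to match that format.

```shell
#!/bin/sh
# Added example (not from the original article): verify the UFW state the
# article expects after "sudo ufw enable": "Status: active" plus an ALLOW
# rule for the SSH port. Reads "ufw status" output from stdin.

# ufw_allows_ssh PORT  <  "ufw status" output
# Returns 0 when the firewall is active and PORT is allowed (tcp or any protocol).
ufw_allows_ssh() {
    port="${1:-22}"
    status_text=$(cat)
    if ! printf '%s\n' "$status_text" | grep -q '^Status: active'; then
        echo "UFW is not active" >&2
        return 1
    fi
    # Matches "22/tcp  ALLOW  Anywhere", "22  ALLOW ..." and the "(v6)" rows;
    # "sudo ufw allow ssh" produces the 22/tcp form.
    if printf '%s\n' "$status_text" | grep -Eq "^${port}(/tcp)?( \(v6\))?[[:space:]]+ALLOW([[:space:]]|$)"; then
        return 0
    fi
    echo "no ALLOW rule for port ${port}" >&2
    return 1
}

# Constructed sample outputs so the check can be exercised offline.
SAMPLE_ACTIVE='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)'

SAMPLE_INACTIVE='Status: inactive'

# Live use (needs root):
#   sudo ufw status | ufw_allows_ssh 22 && echo "firewall ready"
```

Pass a different port number if your sshd listens somewhere other than 22; the check fails closed (non-zero exit) whenever the firewall is inactive or the rule is absent.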
Installing Fail2ban on Ubuntu 22.04
Now that the UFW Firewall is set up, you can proceed with the installation of Fail2ban. Begin by updating and refreshing your Ubuntu repository:
sudo apt update
Once the update is complete, install the Fail2ban package by running the following command:
sudo apt install fail2ban -y
After the installation finishes, enable and start the Fail2ban service with the following commands:
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
To verify the status of the Fail2ban service, use the command:
sudo systemctl status fail2ban
You should see a message indicating that the Fail2ban service is running on your Ubuntu 22.04 server.
Configuring Fail2ban
With Fail2ban successfully installed, it’s time to configure the software to meet your specific needs. All Fail2ban configuration files are stored in the /etc/fail2ban directory. Let’s explore the key configuration files and settings.
- fail2ban.conf: The main configuration file for Fail2ban.
- jail.conf: An example of the Fail2ban jail configuration.
- action.d: Contains Fail2ban action settings, such as mail and firewall settings.
- jail.d: Contains additional configuration for Fail2ban jails.
To begin the configuration process, make a copy of the default jail configuration file (jail.conf) and name it jail.local:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Next, open the jail.local configuration file using the nano editor:
sudo nano /etc/fail2ban/jail.local
Inside this file, you can make various adjustments to customize Fail2ban according to your requirements. Let’s explore some important configurations you should consider.
IP Whitelisting
By uncommenting the ignoreip option and adding your IP address, you can ensure that Fail2ban will not block your own IP. For example:
ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24 192.168.10.20
Replace the example IP addresses with your own.
Ban Settings
You can customize the ban settings to suit your needs. For instance, you can adjust the bantime, findtime, and maxretry options. Here’s an example configuration:
bantime = 1d
findtime = 10m
maxretry = 5
In this example, the bantime is set to 1 day, the findtime is set to 10 minutes, and the maxretry is set to 5 attempts.
Email Notification
Fail2ban can be configured to send email notifications whenever an IP address is banned. To enable this feature, modify the action option in the configuration file. You can also specify the sender and destination email addresses:
action = %(action_mw)s
destemail = test@example.com
sender = test@example.com
Replace the example email addresses with your own.
Firewall Integration
Fail2ban supports multiple firewall backends, including iptables, UFW, and firewalld. To integrate Fail2ban with UFW, change the banaction option to ufw:
banaction = ufw
Jails Configuration
The jails section in the configuration file allows you to secure specific services using Fail2ban. For example, to enable the SSH jail, use the following configuration:
[sshd]
enabled = true
maxretry = 3
findtime = 1d
bantime = 1w
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
In this example, the SSH jail is enabled, with a maximum retry count of 3, a findtime of 1 day, and a bantime of 1 week.
Save and close the configuration file when you’re done. To apply the changes, restart the Fail2ban service:
sudo systemctl restart fail2ban
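The settings from the IP whitelisting, ban settings, email notification, firewall integration and jails sections above are easier to keep consistent when one script writes the whole jail.local and the configuration is syntax-checked before the service is restarted. The following is an added example, not the article’s own file or Fail2ban project code; the IP ranges and email addresses in it are placeholders to replace with your own, and it assumes fail2ban-client’s -t (test configuration) option is available.

```shell
#!/bin/sh
# Added example (not part of the original article): write a jail.local that
# collects the settings discussed above in one place, then validate it with
# "fail2ban-client -t" before restarting the service.
# Addresses and e-mail values below are placeholders; replace them with your own.

# write_jail_local PATH  -- writes the configuration to PATH (overwrites it).
write_jail_local() {
    target="$1"
    # Quoted heredoc: the %(...)s interpolations belong to Fail2ban, not the shell.
    cat > "$target" <<'EOF'
[DEFAULT]
# Never ban loopback, the local LAN, or the admin workstation (placeholders).
ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24 192.168.10.20

# Default policy: ban for a day after 5 failures within 10 minutes.
bantime  = 1d
findtime = 10m
maxretry = 5

# Ban and e-mail a report with whois information (action_mw from jail.conf).
action    = %(action_mw)s
destemail = admin@example.com
sender    = fail2ban@example.com

# Insert bans as UFW rules instead of raw iptables rules.
banaction = ufw

[sshd]
# Stricter limits for SSH: 3 failures within a day, banned for a week.
enabled  = true
maxretry = 3
findtime = 1d
bantime  = 1w
port     = ssh
logpath  = %(sshd_log)s
backend  = %(sshd_backend)s
EOF
}

# jail_value PATH SECTION KEY  -- prints the value of KEY inside [SECTION],
# so a script can confirm what it wrote before restarting Fail2ban.
jail_value() {
    awk -v section="[$2]" -v key="$3" '
        /^\[/ { in_section = ($0 == section) }
        in_section && $1 == key && $2 == "=" { sub(/^[^=]*=[ \t]*/, ""); print; exit }
    ' "$1"
}

# Live use (needs root):
#   write_jail_local /etc/fail2ban/jail.local \
#     && sudo fail2ban-client -t \
#     && sudo systemctl restart fail2ban
```

Running fail2ban-client -t first matters because a jail.local with a typo stops the service from starting, which silently removes the protection the rest of the article sets up.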
Verifying Fail2ban Status using fail2ban-client
The fail2ban-client command-line tool allows you to interact with the Fail2ban service and manage its jails. You can use this tool to verify the installation and configuration of Fail2ban.
To check if Fail2ban is running without errors, ping the Fail2ban server:
sudo fail2ban-client ping
If the server replies with “pong,” it means that Fail2ban is running correctly.
To view the status of a specific jail, such as the SSH jail, use the following command:
sudo fail2ban-client status sshd
This command provides detailed information about the jail, including the log file for the service and the list of banned IP addresses.
You can also use the fail2ban-client command to retrieve specific configuration values. For example, to check the bantime configuration for the SSH jail, use:
sudo fail2ban-client get sshd bantime
The output will display the bantime value in seconds.
Similarly, you can retrieve other configuration values such as maxretry, banaction, findtime, and ignoreip using the appropriate fail2ban-client commands.
Banning and Unbanning IP Addresses
One of the most crucial features of Fail2ban is the ability to ban and unban IP addresses. You can use the fail2ban-client command for these operations as well.
To ban an IP address manually in the SSH jail, use the following command:
sudo fail2ban-client set sshd banip IP-ADDRESS
Replace “IP-ADDRESS” with the actual IP address you want to ban.
To unban an IP address from the SSH jail, use the command:
sudo fail2ban-client set sshd unbanip IP-ADDRESS
Again, replace “IP-ADDRESS” with the IP address you want to unban.
To verify whether an IP address has been successfully banned or unbanned, use the following command:
sudo fail2ban-client status sshd
Make sure the IP address appears in the list of banned IP addresses when banning, and disappears when unbanning.
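Checking the banned list by eye works for one address; a script that bans or unbans (for instance during an incident) should instead parse the status output and fail loudly when the jail disagrees. The following is an added example covering both the fail2ban-client status check above and the ban/unban verification; it is not code from the article or from the Fail2ban project. The sample status text is constructed to match fail2ban-client’s tree-style output, and the addresses in it are documentation ranges.

```shell
#!/bin/sh
# Added example (not part of the original article): parse the output of
# "fail2ban-client status <jail>" so a script can confirm that a manual ban
# or unban actually took effect.

# banned_ips  < status-output   -- prints the banned addresses, one per line.
banned_ips() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr ' ' '\n' | sed '/^$/d'
}

# is_banned IP  < status-output -- returns 0 if IP is in the banned list.
is_banned() {
    banned_ips | grep -Fxq "$1"
}

# banned_count < status-output  -- prints the "Currently banned" counter.
banned_count() {
    sed -n 's/.*Currently banned:[[:space:]]*//p'
}

# verify_ban JAIL IP EXPECTED  -- live helper (needs root). EXPECTED is
# "banned" or "unbanned"; returns non-zero if the jail's state differs.
verify_ban() {
    status=$(sudo fail2ban-client status "$1")
    if printf '%s\n' "$status" | is_banned "$2"; then
        state=banned
    else
        state=unbanned
    fi
    [ "$state" = "$3" ] || { echo "$2 is $state in jail $1, expected $3" >&2; return 1; }
}

# Constructed sample, shaped like the output of "sudo fail2ban-client status sshd".
SAMPLE_STATUS='Status for the jail: sshd
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     14
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 2
   |- Total banned:     3
   `- Banned IP list:   192.0.2.10 198.51.100.7'

# Live use:
#   sudo fail2ban-client set sshd banip 192.0.2.10 && verify_ban sshd 192.0.2.10 banned
#   sudo fail2ban-client set sshd unbanip 192.0.2.10 && verify_ban sshd 192.0.2.10 unbanned
```

Because is_banned matches the whole address (grep -Fx), 192.0.2.1 is not mistaken for 192.0.2.10, which a plain substring search would do.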
Conclusion
Congratulations! You have successfully installed and configured Fail2ban on your Ubuntu 22.04 server, significantly enhancing its security. By combining Fail2ban with the UFW Firewall, you have created a robust defense against malicious login attempts and brute-force attacks. You have also learned how to manage Fail2ban using the fail2ban-client command, including how to ban and unban IP addresses.
Remember, securing your server is a continuous process. Regularly monitor Fail2ban’s logs and adjust its configuration as needed to adapt to new threats. By taking these proactive security measures, you can ensure the safety and integrity of your Ubuntu 22.04 server.
For reliable and scalable cloud hosting solutions, consider Shape.host’s Linux SSD VPS services. With Shape.host, you can focus on your business while entrusting the security and performance of your server to a dependable cloud hosting provider.