
How to protect Kopano using Fail2ban


How to Harden Kopano against attacks with Fail2ban

This howto describes how to install and configure Fail2ban for Kopano Groupware on Ubuntu 16.04.4 LTS. Fail2ban provides effective protection against brute-force attacks: it scans syslog and the Apache logs for failed authentication attempts and blocks the offending host for a certain period of time using the kernel firewall.

Install Fail2ban on Kopano Server

Install the Fail2ban package on the Ubuntu host as root as follows. Fail2ban is written in Python, which is why the required Python libraries are installed along with it.

apt-get update
apt-get install fail2ban -y

After installation, make sure Fail2ban is running and is enabled in systemd for autostart:

systemctl start fail2ban
systemctl enable fail2ban

To provide a Fail2ban filter for Kopano, create the file kopano-webapp-auth.conf:

vi /etc/fail2ban/filter.d/kopano-webapp-auth.conf

Insert the following lines into the filter file:

# Fail2Ban kopano-webapp-auth filter
# /etc/fail2ban/filter.d/kopano-webapp-auth.conf

[INCLUDES]
before = apache-common.conf

[Definition]
failregex = ^%(_apache_error_client)s Kopano WebApp user:.* authentication failure at MAPI

ignoreregex =

Activate the Fail2ban filter for Kopano by creating the configuration file jail.local.

vi /etc/fail2ban/jail.local

And insert the following content:

[sshd]
port = ssh
logpath = %(sshd_log)s

[kopano-webapp]
enabled = true
port = https
filter = kopano-webapp-auth
logpath = %(apache_error_log)s

[apache-auth]
enabled = true
port = http,https
logpath = %(apache_error_log)s

Here the Apache error log, /var/log/apache2/error.log, is read via the variable %(apache_error_log)s.

Restart Fail2ban to enable the changes.

systemctl restart fail2ban

The status of Fail2ban can be checked as follows.

root@kopano:~# fail2ban-client status
Status
|- Number of jail: 3
'- Jail list: apache-auth, kopano-webapp, sshd
 
root@kopano:~# fail2ban-client status kopano-webapp
Status for the jail: kopano-webapp
| Filters
|  |- Currently failed: 0
|  |- Total failed: 7
|  '- File list: /var/log/apache2/mattermost-error.log /var/log/apache2/error.log
'- Actions
   |- Currently banned: 4
   |- Total banned: 52
   '- Banned IP list: 10.10.10.101 172.17.88.91 172.31.16.3 10.32.57.98

The firewall provides information about the status of the hosts currently blocked by Fail2ban, with an iptables query:

iptables -vnL | egrep "f2b-kopano-webapp|apache-auth|sshd"
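
To see what the kopano-webapp-auth failregex above counts as a failure, and which address it would ban, the following added example (not part of the original howto) applies the same expression to a few constructed log lines. The expansions of <HOST> and %(_apache_error_client)s are assumptions modelled on fail2ban 0.9.x, and the timestamp handling is a rough stand-in for fail2ban's date detector.

```python
import re
from collections import Counter

# Assumption: how fail2ban 0.9.x expands <HOST> and %(_apache_error_client)s
# (the latter comes from filter.d/apache-common.conf).
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"
APACHE_ERROR_CLIENT = (
    r"\[\] \[(:?error|\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? "
    r"\[client <HOST>(:\d{1,5})?\]"
)
# failregex copied from kopano-webapp-auth.conf in this howto.
FAILREGEX = (r"^%(_apache_error_client)s Kopano WebApp user:.* "
             r"authentication failure at MAPI")

# Stand-in for the date detector: the timestamp is cut out of the leading
# brackets, leaving "[]", before the failregex is applied.
TIMESTAMP = re.compile(r"^\[\w{3} \w{3} \d{2} [\d:.]+ \d{4}\]")

def compile_filter():
    pattern = FAILREGEX.replace("%(_apache_error_client)s", APACHE_ERROR_CLIENT)
    return re.compile(pattern.replace("<HOST>", HOST))

def failed_hosts(lines):
    """Return the client address of every line the filter counts as a failure."""
    rx = compile_filter()
    hosts = []
    for line in lines:
        m = rx.search(TIMESTAMP.sub("[]", line.rstrip("\n")))
        if m:
            hosts.append(m.group("host"))
    return hosts

# Constructed sample lines using documentation addresses, not real log data.
SAMPLE_LOG = [
    # WebApp login failure: counted.
    "[Tue Apr 10 09:15:01.123456 2018] [php7:notice] [pid 1234] [client 203.0.113.5:51234] Kopano WebApp user: alice: authentication failure at MAPI, referer: https://mail.example.com/webapp/",
    # Threaded MPM (pid:tid) and a user name with a space: counted.
    "[Tue Apr 10 09:15:03.654321 2018] [:error] [pid 1234:tid 1401] [client 203.0.113.5:51236] Kopano WebApp user: bob smith: authentication failure at MAPI",
    # The user name is untrusted text; the host must still come from
    # Apache's own [client ...] field at the start of the line.
    "[Tue Apr 10 09:15:05.000001 2018] [php7:notice] [pid 1240] [client 198.51.100.7:40222] Kopano WebApp user: x [client 192.0.2.99] y: authentication failure at MAPI",
    # Basic-auth failure: belongs to the apache-auth jail, not this filter.
    '[Tue Apr 10 09:15:07.000002 2018] [auth_basic:error] [pid 1241] [client 192.0.2.44:40000] AH01617: user bob: authentication failure for "/": Password Mismatch',
    # Server notice without a client field: ignored.
    "[Tue Apr 10 09:15:09.000003 2018] [mpm_prefork:notice] [pid 900] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations",
]

if __name__ == "__main__":
    for host, count in Counter(failed_hosts(SAMPLE_LOG)).items():
        print(host, count)
```

On the server itself, fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/kopano-webapp-auth.conf runs the installed filter against the real log and reports how many lines matched.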
