How to Harden Kopano against attacks with Fail2ban
This howto describes how to install and configure Fail2ban for Kopano Groupware on Ubuntu 16.04.4 LTS. Fail2ban provides effective protection against brute-force attacks: it picks failed authentication attempts out of the syslog and Apache logs and blocks the offending host for a certain period of time using the kernel firewall.
Install Fail2ban on Kopano Server
Install the Fail2ban package on the Ubuntu host as root as follows. Fail2ban is written in Python, so the required libraries are pulled in as dependencies.
apt-get update
apt-get install fail2ban -y
After installation, Fail2ban runs and is enabled in systemd for autostart.
systemctl start fail2ban
systemctl enable fail2ban
To provide a Fail2ban filter for Kopano, create the file kopano-webapp-auth.conf in /etc/fail2ban/filter.d/.
Insert the content into the filter file with the following lines:
# Fail2Ban kopano-webapp-auth filter
# /etc/fail2ban/filter.d/kopano-webapp-auth.conf

[INCLUDES]
before = apache-common.conf

[Definition]
failregex = ^%(_apache_error_client)s Kopano WebApp user:.* authentication failure at MAPI
ignoreregex =
Activate the Fail2ban filter for Kopano by creating the configuration file jail.local.
And insert the following content:
[sshd]
port = ssh
logpath = %(sshd_log)s

[kopano-webapp]
enabled = true
port = https
filter = kopano-webapp-auth
logpath = %(apache_error_log)s

[apache-auth]
enabled = true
port = http,https
logpath = %(apache_error_log)s
Here the error log is read through the variable %(apache_error_log)s, which points to /var/log/apache2/error.log.
Restart Fail2ban to enable the changes.
systemctl restart fail2ban
The status of Fail2ban can be checked as follows.
root@kopano:~# fail2ban-client status
Status
|- Number of jail: 3
'- Jail list: apache-auth, kopano-webapp, sshd
root@kopano:~# fail2ban-client status kopano-webapp
Status for the jail: kopano-webapp
| Filters
| |- Currently failed: 0
| |- Total failed: 7
| '- File list: /var/log/apache2/mattermost-error.log /var/log/apache2/error.log
'- Actions
   |- Currently banned: 4
   |- Total banned: 52
   '- Banned IP list: 10.10.10.101 172.17.88.91 172.31.16.3 10.32.57.98
The firewall provides information about the status of the hosts currently blocked by Fail2ban, with an iptables query:
iptables -vnL | egrep "f2b-kopano-webapp|apache-auth|sshd"
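The kopano-webapp-auth filter above can be checked offline before relying on it. The following added example (not part of the original howto or of Fail2ban) applies the tail of that failregex to constructed Apache error-log lines and counts hits per client. The prefix pattern is a simplified stand-in for %(_apache_error_client)s, and the log line layout and the maxretry value of 5 are assumptions.

```python
import re
from collections import Counter

# Simplified stand-in for %(_apache_error_client)s (assumption: the real
# definition in apache-common.conf differs between Fail2ban versions, and
# Fail2ban strips the timestamp itself before applying the failregex).
APACHE_ERROR_CLIENT = (
    r"\[[^\]]+\] \[[^\]]*\]( \[pid \d+(:\S+ \d+)?\])? "
    r"\[client (?P<host>\d{1,3}(?:\.\d{1,3}){3})(:\d{1,5})?\]"
)
# The tail is the failregex from kopano-webapp-auth.conf on this page.
FAILREGEX = re.compile("^" + APACHE_ERROR_CLIENT
                       + r" Kopano WebApp user:.* authentication failure at MAPI")
MAXRETRY = 5  # assumed jail threshold; the page does not set maxretry

def log_line(ip, user):
    """Build one constructed error.log entry (layout is an assumption)."""
    return ("[Mon Apr 09 10:12:01.123456 2018] [:error] [pid 1234] "
            f"[client {ip}:54321] Kopano WebApp user: {user}: "
            "authentication failure at MAPI")

# Constructed sample input, documentation address ranges only.
SAMPLE_LOG = "\n".join(
    [log_line("192.0.2.10", f"user{i}") for i in range(5)]
    + [log_line("198.51.100.7", "alice"),
       # User name carrying a fake client field: must not change the host.
       log_line("198.51.100.7", "x [client 203.0.113.9] y"),
       # Unrelated Apache error: must not be counted.
       "[Mon Apr 09 10:12:05.000000 2018] [authz_core:error] [pid 1234] "
       "[client 203.0.113.9:40000] AH01630: client denied: /srv/example"]
)

def failed_hosts(log_text):
    """Count filter hits per client address as written by Apache."""
    hits = Counter()
    for line in log_text.splitlines():
        match = FAILREGEX.match(line)
        if match:
            hits[match.group("host")] += 1
    return hits

def hosts_to_ban(log_text, maxretry=MAXRETRY):
    """Hosts at or over the threshold (the findtime window is ignored)."""
    return sorted(h for h, n in failed_hosts(log_text).items() if n >= maxretry)

if __name__ == "__main__":
    print(dict(failed_hosts(SAMPLE_LOG)))
    print("would be banned:", hosts_to_ban(SAMPLE_LOG))
```

On the server itself, `fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/kopano-webapp-auth.conf` runs the real filter against the real log and reports how many lines matched.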