fail2web


Monitor your fail2ban bans through a web GUI.

Source on GitHub: https://github.com/Sean-Der/fail2rest and https://github.com/Sean-Der/fail2web

While in theory it would be nice to have every network service behind a LAN/certificate, that isn't always possible. Many protocols don't have certificate authentication, and even if they do, maybe your client doesn't support it. So you are left with password authentication, but what happens when someone uses a 4-character password... and an attacker is able to guess 1000 times every minute? Seems like a complicated problem, but not with fail2ban! The following description is lifted from the fail2ban documentation.

However, once I installed fail2ban I found myself locking myself out of my servers all the time! I would set up a SIP client to use the wrong password, and would spend way too much time debugging what was wrong! With fail2web, that is all a thing of the past! fail2web is a mobile-first GUI to fail2ban that allows you to view who is currently banned, test regexes and view graphs on past bans.

You need to have fail2rest and the necessary libraries.

Even though this tutorial is written for Ubuntu/Debian, it should work on any host that has Golang and fail2ban (all Unixes). You might have to deviate from this tutorial, but it should cover most of it.

First we need to install fail2rest, the daemon that communicates with fail2ban. The backend requires the Go programming language, and git to download it. If you have never used Go before, you can follow this verbatim; adjust as needed if you already have a GOPATH set.

  • sudo apt-get install golang git gcc

  • go get github.com/Sean-Der/fail2rest

  • cd $GOPATH/src/github.com/Sean-Der/fail2rest

  • sudo -E go run *.go

Check the startup script for Debian (the init script at the end of this page).


If everything worked, this program should just run forever! We will update it to run as a service later, but make sure it is working first. Run wget -qO- -- "localhost:5000/global/ping"; if that returns "pong", you have a running fail2rest instance!

Next we are going to install fail2web in /var/www/fail2web; later we will access this via Apache.

  • git clone --depth=1 https://github.com/Sean-Der/fail2web.git /var/www/fail2web

Congrats, you are almost done! You now have all the moving parts; all that is left is to serve it via Apache.

Install Apache and put it behind a password

  • sudo apt-get install apache2 apache2-utils

  • sudo htpasswd -c /var/www/htpasswd YOUR_USERNAME

  • sudo a2enmod proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html

Create your fail2web config

Then, with your text editor of choice, create /etc/apache2/sites-enabled/fail2web.conf with the following content. Make sure to replace fail2web.yourserver.com with your own server name.

    <VirtualHost *:80>
        # CHANGE THIS (Apache comments must sit on their own line)
        ServerName fail2web.yourserver.com
        DocumentRoot /var/www/fail2web/web

        <Location />
            AuthType Basic
            AuthName "Restricted"
            AuthBasicProvider file
            AuthUserFile /var/www/htpasswd
            Require valid-user
        </Location>

        ProxyPass /api http://127.0.0.1:5000
    </VirtualHost>

Restart Apache!

fail2web should now be accessible via the ServerName you chose above
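
A check worth running once the setup above is in place, as an added example (not part of the original tutorial or of the fail2rest/fail2web projects): Apache's Basic auth is the only access control this tutorial configures, so the backend on port 5000 should be listening on loopback only. The function names and the sample `ss` lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from fail2rest/fail2web. Reads `ss -ltnH` output on
# stdin and prints every address on which PORT listens beyond loopback.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")            # port is the last field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (addr ~ /^\[::ffff:127\./) next   # IPv4-mapped loopback
            print addr
        }'
}

# Returns 0 when nothing beyond loopback listens on PORT, 1 otherwise.
check_backend() {
    exposed=$(exposed_listeners "$1")
    if [ -n "$exposed" ]; then
        echo "port $1 also listens on: $exposed" >&2
        return 1
    fi
    return 0
}

# Constructed samples in `ss -ltnH` format (not captured from a real host).
sample_loopback() {
cat <<'EOF'
LISTEN 0 4096 127.0.0.1:5000 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 128 [::1]:5000 [::]:*
EOF
}
sample_exposed() {
cat <<'EOF'
LISTEN 0 4096 *:5000 *:*
LISTEN 0 511 *:80 *:*
LISTEN 0 128 127.0.0.1:15000 0.0.0.0:*
EOF
}

sample_loopback | check_backend 5000 && echo "sample 1: loopback only"
sample_exposed | check_backend 5000 || echo "sample 2: backend exposed"
# On a live host: ss -ltnH | check_backend 5000
```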


#!/bin/sh
# kFreeBSD do not accept scripts as interpreters, using #!/bin/sh and sourcing.
if [ true != "$INIT_D_SCRIPT_SOURCED" ] ; then
    set "$0" "$@"; INIT_D_SCRIPT_SOURCED=true . /lib/init/init-d-script
fi
### BEGIN INIT INFO
# Provides:          fail2rest
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Should-Start:      fail2ban
# Should-Stop:       fail2ban
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: fail2rest initscript
# Description:       fail2rest is a small
#                    REST server that aims
#                    to allow full administration
#                    of a fail2ban server via HTTP
#
### END INIT INFO

USER="root"

#FIXME your GOPATH
GOPATH="YOUR/GOPATH/Projects/"

WORKDIR="/var/run/fail2ban"
#FIXME path to your fail2rest binary
DAEMON="$GOPATH/bin/fail2rest"
CONFIG="/etc/fail2rest.json"

# Author: Sean DuBois <sean@siobud.com>
#
DESC="fail2ban REST server"
NAME="fail2rest"

case "$1" in
      start)
        echo "Starting $NAME ..."
        if [ -f "$WORKDIR/$NAME.pid" ]
        then
            echo "Already running according to $WORKDIR/$NAME.pid"
            exit 1
        fi
        cd "$WORKDIR"
        export GOPATH="$GOPATH"
        # Fixed search path for the daemon, plus the Go bin directory
        export PATH="/usr/sbin:/usr/bin:/sbin:/bin:$GOPATH/bin"
        /bin/su -m -l root -c " $DAEMON --config $CONFIG" > "$WORKDIR/$NAME.log" 2>&1 &

        PID=$!
        echo $PID > "$WORKDIR/$NAME.pid"
        echo "Started with pid $PID - Logging to $WORKDIR/$NAME.log" && exit 0
        ;;
      stop)
        echo "Stopping $NAME ..."
        if [ ! -f "$WORKDIR/$NAME.pid" ]
        then
            echo "Already stopped!"
            exit 1
        fi
        PID=`cat "$WORKDIR/$NAME.pid"`
        kill $PID
        rm -f "$WORKDIR/$NAME.pid"
        echo "stopped $NAME" && exit 0
        ;;
      restart)
        $0 stop
        sleep 1
        $0 start
        ;;
      status)
        if [ -f "$WORKDIR/$NAME.pid" ]
        then
            PID=`cat "$WORKDIR/$NAME.pid"`
            if [ "$(/bin/ps --no-headers -p $PID)" ]
            then
                echo "$NAME is running (pid : $PID)" && exit 0
            else
                echo "Pid $PID found in $WORKDIR/$NAME.pid, but not running." && exit 1
            fi
        else
            echo "$NAME is NOT running" && exit 1
        fi
        ;;
      *)
        echo "Usage: /etc/init.d/$NAME {start|stop|restart|status}" && exit 1
        ;;
esac

exit 0
