Create a Custom Jail for PostgreSQL in Fail2Ban
Fail2Ban is a security tool that blocks repeated attacks such as brute-force attacks. If you run PostgreSQL and want to harden it, you can create a custom Fail2Ban jail that bans an IP address after repeated failed login attempts.
Steps to Create a Custom Jail for PostgreSQL
1. Install Fail2Ban (if needed)
If Fail2Ban is not installed on your system, you can install it with the following commands:
On CentOS/RHEL:
sudo yum install fail2ban -y
On Ubuntu/Debian:
sudo apt update
sudo apt install fail2ban -y
2. Enable logging in PostgreSQL
In order for Fail2Ban to detect suspicious activity, you must enable logs for failed login attempts.
Open the PostgreSQL configuration file:
sudo nano /etc/postgresql/14/main/postgresql.conf # path in Ubuntu
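Edit or add the following lines. The %h in log_line_prefix writes the client address on every log line; PostgreSQL's "password authentication failed" message does not contain the address, so Fail2Ban can only read it from the prefix:
logging_collector = on
log_directory = '/var/log/postgresql'
log_filename = 'postgresql.log'
# %h comes before %u@%d because the user and database names are chosen by the client
log_line_prefix = '%m [%p] %h %q%u@%d '
# Not needed by Fail2Ban: logs every statement, which grows the log quickly and can record sensitive values
log_statement = 'all'
log_connections = on
log_disconnections = on
log_duration = on
log_min_messages = warning
log_min_error_statement = error
log_error_verbosity = default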
Then restart PostgreSQL:
sudo systemctl restart postgresql
3. Create a custom filter in Fail2Ban
Fail2Ban requires a specific filter to detect attacks. Create the filter file:
sudo nano /etc/fail2ban/filter.d/postgresql.conf
Enter the following content in the file:
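[Definition]
# Expects log_line_prefix = '%m [%p] %h %q%u@%d ' in postgresql.conf. PostgreSQL does not
# append "from host ..." to this message, so <HOST> is read from the %h field of the prefix.
failregex = ^[^\[]*\[\d+\]\s+<HOST>\s.*FATAL:\s+password authentication failed for user
ignoreregex =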
Filter Description:
failregex: This regular expression detects failed login attempts to PostgreSQL.
ignoreregex: Used to exclude specific cases.
4. Configuring a Custom Jail for PostgreSQL
Now we need to configure a PostgreSQL-specific Jail in Fail2Ban. Create or edit the file:
sudo nano /etc/fail2ban/jail.local
[postgresql]
enabled = true
port = 5432
filter = postgresql
logpath = /var/log/postgresql/postgresql.log
maxretry = 3
bantime = 3600
findtime = 600
Value Description:
enabled: Enables the jail
port: PostgreSQL port (5432)
maxretry: Maximum number of login attempts before being blocked (here 3 times)
bantime: Blocking duration (in seconds, here 1 hour)
findtime: Time interval to calculate the number of attempts (here 10 minutes)
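The filter and the jail thresholds can be checked offline against sample log lines. The following Python example is added here and is not part of the original article or Fail2Ban's own code: it models the failed-login match and the maxretry/findtime count, assuming the client address is written by %h in log_line_prefix ('%m [%p] %h %q%u@%d '); find_bans, the IPv4-only pattern standing in for <HOST>, and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption (not from the original page): the client address is in the prefix,
# log_line_prefix = '%m [%p] %h %q%u@%d ', placed before the client-chosen %u@%d.
# IPV4 is a simplified stand-in for Fail2Ban's <HOST> tag.
IPV4 = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)[^\[]*\[\d+\] " + IPV4
    + r" .*FATAL:\s+password authentication failed for user "
)
MAXRETRY = 3                        # maxretry from the jail
FINDTIME = timedelta(seconds=600)   # findtime from the jail

# Constructed sample log (documentation-range addresses, invented PIDs and users).
# One user name is itself an address, to show that the host is read from the prefix.
SAMPLE_LOG = """\
2024-05-01 10:00:00.900 UTC [4100] 192.0.2.10 app@appdb LOG:  connection authorized: user=app database=appdb
2024-05-01 10:00:01.120 UTC [4101] 203.0.113.7 postgres@postgres FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:02.480 UTC [4102] 198.51.100.23 app@appdb FATAL:  password authentication failed for user "app"
2024-05-01 10:00:40.010 UTC [4103] 203.0.113.7 10.9.9.9@postgres FATAL:  password authentication failed for user "10.9.9.9"
2024-05-01 10:01:05.300 UTC [4104] 198.51.100.23 app@appdb FATAL:  password authentication failed for user "app"
2024-05-01 10:01:30.770 UTC [4105] 203.0.113.7 admin@postgres FATAL:  password authentication failed for user "admin"
2024-05-01 10:15:00.000 UTC [4106] 198.51.100.23 app@appdb FATAL:  password authentication failed for user "app"
"""


def find_bans(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {ip: timestamp of the failure that reached maxretry inside findtime}."""
    recent = defaultdict(deque)     # ip -> failure times still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if m is None or m["host"] in bans:
            continue                # not a failed login, or the address is already banned
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["host"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()        # forget failures older than findtime
        if len(window) >= maxretry:
            bans[m["host"]] = ts
    return bans


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when} for 3600 s")
```

On a host with Fail2Ban installed, fail2ban-regex /var/log/postgresql/postgresql.log /etc/fail2ban/filter.d/postgresql.conf runs the real filter against the real log and reports how many lines matched.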
5. Restart Fail2Ban
To apply the changes made, restart the Fail2Ban service:
sudo systemctl restart fail2ban
6. Checking Fail2Ban Performance
To ensure proper operation, check the status of the PostgreSQL jail:
sudo fail2ban-client status postgresql
Example output:
Status for the jail: postgresql
|- Filter
| |- Currently failed: 1
| |- Total failed: 5
| `- File list: /var/log/postgresql/postgresql.log
`- Actions
   |- Currently banned: 1
   |- Total banned: 2
   `- Banned IP list: 192.168.1.10
7. Unblocking a blocked IP
If an IP has been blocked by mistake, you can unblock it with the following command:
sudo fail2ban-client set postgresql unbanip 192.168.1.10
8. Checking Fail2Ban Logs
If you need to examine more details, you can view the Fail2Ban logs:
sudo tail -f /var/log/fail2ban.log
Summary
To increase the security of your PostgreSQL database, you can use Fail2Ban as follows:
- Install Fail2Ban and enable PostgreSQL logs.
- Create a custom filter to detect failed logins.
- Configure the jail in the jail.local file.
- Start Fail2Ban and monitor its performance.
This solution helps you identify malicious attacks and prevent unauthorized access.