📘 Dokumentasi Minimal Setup Security Server
(Fail2Ban + Wazuh)
🎯 Tujuan: Panduan cepat untuk install & konfigurasi Fail2Ban, Install Wazuh (minimal), serta hardening dasar untuk server Laravel / web.
🧱 1. INSTALL FAIL2BAN
apt update
apt install fail2ban -y
systemctl enable fail2ban
systemctl start fail2ban⚙️ 2. CONFIG FAIL2BAN
Buat config utama:
nano /etc/fail2ban/jail.localIsi minimal config:
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5
backend = systemd
[sshd]
enabled = true
port = 22
logpath = %(sshd_log)s
[nginx-badbots]
enabled = true
port = http,https
logpath = /usr/local/lsws/logs/access.log
[nginx-php-exploit]
enabled = true
port = http,https
logpath = /usr/local/lsws/logs/access.log
maxretry = 2🔍 3. FILTER CUSTOM (WAJIB)
Bad bots
nano /etc/fail2ban/filter.d/nginx-badbots.conf[Definition]
failregex = <HOST> -.*"(GET|POST).*" "(curl|wget|python|libredtail|bot).*"
ignoreregex =PHP exploit
nano /etc/fail2ban/filter.d/nginx-php-exploit.conf[Definition]
failregex = <HOST> -.*"(GET|POST).*(phpunit|eval|base64_decode|auto_prepend_file|allow_url_include).*"
ignoreregex =🔄 4. RESTART & CEK
systemctl restart fail2ban
systemctl status fail2ban
fail2ban-client status
tail -f /var/log/fail2ban.log🛡️ 5. INSTALL WAZUH (MINIMAL)
curl -sO https://packages.wazuh.com/4.x/wazuh-install.sh
bash wazuh-install.sh -a🔧 6. SERVICE WAZUH
systemctl status wazuh-manager
systemctl status wazuh-dashboard
systemctl restart wazuh-manager📊 7. MONITOR LOG WAZUH
tail -f /var/ossec/logs/alerts/alerts.log
tail -f /var/ossec/logs/ossec.log🔗 8. INTEGRASI FAIL2BAN → WAZUH
Edit config:
nano /var/ossec/etc/ossec.confTambahkan:
<integration>
<name>fail2ban</name>
<level>3</level>
</integration>systemctl restart wazuh-manager🔐 9. HARDENING WAJIB (MINIMAL)
Disable PHP dangerous function
nano /usr/local/lsws/lsphp83/etc/php.ini
disable_functions = exec,passthru,shell_exec,system,proc_open,popenBlock folder sensitif (LiteSpeed / Nginx)
location ~* /(vendor|\.env|\.git|storage) {
deny all;
}Block phpunit exploit
location ~* phpunit {
deny all;
}🚨 10. TROUBLESHOOTING
journalctl -xeu fail2ban
tail -f /var/ossec/logs/ossec.log
tail -f /usr/local/lsws/logs/access.log✅ 11. CHECKLIST FINAL
- Fail2Ban aktif
- Jail berjalan
- Log LiteSpeed terbaca
- Wazuh manager running
- Alert masuk
- SSH brute force ke-detect
- Web exploit ke-detect
- IP attacker otomatis ke-ban
🚀 CATATAN
Server internet publik pasti:
• Akan kena scan bot setiap menit
• Akan dicoba exploit otomatis
👉 Itu NORMAL
👉 Yang penting: detect + block otomatis
Server internet publik pasti:
• Akan kena scan bot setiap menit
• Akan dicoba exploit otomatis
👉 Itu NORMAL
👉 Yang penting: detect + block otomatis
🔚 SELESAI
Dokumentasi ini cukup untuk:
✅ Server production minimal
✅ Laravel aman dari scanning umum
✅ Auto-block attacker
Jika butuh upgrade:
• WAF (ModSecurity)
• Hardening Docker
• Advanced Wazuh rules
👉 Tinggal lanjut ke tahap berikutnya.
Dokumentasi ini cukup untuk:
✅ Server production minimal
✅ Laravel aman dari scanning umum
✅ Auto-block attacker
Jika butuh upgrade:
• WAF (ModSecurity)
• Hardening Docker
• Advanced Wazuh rules
👉 Tinggal lanjut ke tahap berikutnya.
Tidak ada komentar:
Posting Komentar