Smerdoff
DevOps

Server Security Tools: CrowdSec, Fail2Ban, Grafana

Alexey Smerdov· Full-stack Developer· Dec 20, 2025· 10 min
Server Security Tools: CrowdSec, Fail2Ban, Grafana

Introduction

Server security is a critically important aspect of any web project. In this article we'll explain which tools we use to protect our clients' infrastructure: CrowdSec, Fail2Ban, Grafana, and Podman.

CrowdSec: Collective Defense

CrowdSec is a modern, open-source intrusion detection system (IDS). Its key feature is collective intelligence: when one participant in the network detects a threat, information about the attacking IP is shared with all users.

Advantages of CrowdSec

  • Collective blocklist — protection against known attackers
  • Low resource consumption — written in Go
  • Flexible scenarios — easily configurable detection rules
  • Integration with any service — nginx, Apache, SSH, and more
  • Free — open source with an optional paid console

What CrowdSec Can Detect

  • Brute-force attacks on SSH and web forms
  • Vulnerability scanning
  • SQL injection attempts
  • Attacks on WordPress and other CMSes
  • Application-layer DDoS attacks

Fail2Ban: A Proven Classic

Fail2Ban is a utility for protecting Linux servers against brute-force attacks. It monitors logs and bans IP addresses that show suspicious activity.

How Fail2Ban Works

  • Analyzes log files in real time
  • Finds patterns of failed login attempts
  • Adds iptables rules to block them
  • Automatically unbans after the timeout expires

Typical Jails (Rules)

  • sshd — protecting SSH against password guessing
  • nginx-http-auth — protecting basic auth
  • nginx-botsearch — blocking scanners
  • postfix — protecting the mail server

Fail2Ban vs CrowdSec

We use both tools together. Fail2Ban is local protection, CrowdSec is global intelligence. Together they provide multi-layered security.

Grafana: Monitoring Everything

Grafana is a platform for visualizing metrics and logs. We use it to monitor our entire infrastructure.

What We Monitor

  • Server load — CPU, RAM, disk, network
  • Service availability — uptime, response time
  • Request volume — RPS, 4xx/5xx errors
  • Security — blocked IPs, intrusion attempts
  • Business metrics — sign-ups, orders, conversions

Pairing With Other Tools

  • Prometheus — collecting metrics
  • Loki — aggregating logs
  • AlertManager — notifications to Telegram/Slack

Why Grafana

  • Beautiful dashboards out of the box
  • A flexible alerting system
  • Support for many data sources
  • Open source and self-hosted
  • A huge community and ready-made dashboards

Podman: Secure Container Deployment

Podman is a Docker replacement without a daemon. Its main advantage is rootless mode, which significantly increases security.

Advantages of Podman Over Docker

  • Rootless — containers run without root privileges
  • Daemonless — there's no constantly running daemon
  • Docker compatibility — the same commands and images
  • Systemd integration — generating unit files
  • Pod concept — grouping containers like in Kubernetes

Podman Security

In rootless mode, even if an attacker breaks out of a container, they won't have root access to the host. This is critically important for production.

How We Use Podman

  • Deploying applications via podman-compose
  • Generating systemd services for auto-start
  • Isolating services from one another
  • Automatic image updates

Our Security Stack

Here's what a typical server setup for a client looks like:

  • Firewall — UFW or firewalld with a minimum of open ports
  • CrowdSec — collective protection against known threats
  • Fail2Ban — local protection against brute force
  • Podman — isolating applications in containers
  • Grafana + Prometheus — monitoring and alerts
  • Regular backups — daily snapshots

Security Recommendations

The basic rules we follow:

  • Disabling root login over SSH
  • Using SSH keys instead of passwords
  • Regular system updates
  • The principle of least privilege
  • Monitoring and alerts on suspicious activity
  • Regular configuration audits

Conclusion

Security is a process, not a product. The combination of CrowdSec, Fail2Ban, Grafana, and Podman provides reliable protection at minimal cost. All of these tools are free and open source.

Want to set up secure infrastructure for your project? We'll help you choose the optimal stack and configure monitoring for your needs.

Read also

Need development for your task?

Describe your project — we'll propose a solution and timeline.