Tanbir Ahmed Official

Linux Advanced Security Setup

Prevent repeated login attempts with Fail2Ban

Fail2Ban is a security tool to prevent dictionary attacks. It works by monitoring important services (like SSH) and blocking IP addresses which appear to be malicious (i.e. they are failing too many login attempts because they are guessing passwords).

Install Fail2Ban:

Configure Fail2Ban:

Set “enabled” to “true” in the [ssh-ddos] section. Also, set “port” to “44444” in the [ssh] and [ssh-ddos] sections. (Change the port number to match whatever you used as your SSH port).

Save the file and restart Fail2Ban to put the new rules into effect:

Add a firewall

We’ll add an iptables firewall to the server that blocks all incoming and outgoing connections except for ones that we manually approve. This way, only the services we choose can communicate with the internet.

The firewall has no rules yet. Check it out:

Setup firewall rules in a new file:

The following firewall rules will allow HTTP (80), HTTPS (443), SSH (44444), ping, and some other ports for testing. All other ports will be blocked.

Paste the following into /etc/iptables.firewall.rules:

Activate the firewall rules now:

Verify that the rules were installed correctly:

Activate the firewall rules on startup:

Paste this into the /etc/network/if-pre-up.d/firewall file:

Set the script permissions:

Get an email anytime a user uses sudo

I like to get an email anytime someone uses sudo. This way, I have a “paper trail” of sorts, in case anything bad happens to my server. I use a Gmail filter to file these away and only look at them occasionally.

Create a new file for the sudo settings:

Add this to the file:

Set permissions on the file:

This is isn’t mentioned anywhere on the web, as far as I know, but in order for the “mail on sudo use” feature to work, you need to install an MTA server. sendmail is a good choice:

Now, you should get an email anytime someone uses sudo!

Author: Tanbir A.

Tanbir is an engineer by profession, technologist, hobbyist photographer, graphics & web designer with avg knowledge in coding, SEO specialist, and blogger at TechWacky. His favorite topics to write about are tech, hacks, tutorials, arts & design and food. You can also find him on Twitter and Facebook!