From 953c8833c2a64807d1a0e6ee86dd474f6967c9a5 Mon Sep 17 00:00:00 2001 From: Florian Hoss <65008174+flohoss@users.noreply.github.com> Date: Mon, 20 Dec 2021 09:37:32 +0100 Subject: [PATCH] Update README.md --- SecureSystem/README.md | 122 ++++++++++++++++++++++------------------- 1 file changed, 66 insertions(+), 56 deletions(-) diff --git a/SecureSystem/README.md b/SecureSystem/README.md index 5fb4796..ccb8733 100644 --- a/SecureSystem/README.md +++ b/SecureSystem/README.md @@ -81,60 +81,10 @@ check if service has been started successfully ```systemctl status sshd``` -## Configure Fail2Ban - -install fail2ban - -```apt-get install fail2ban``` - -enable fail2ban - -```systemctl enable fail2ban``` - -create a backup of the old config just in case - -```cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local``` - -edit the config file - -```vim /etc/fail2ban/jail.local``` - -```bash -... -bantime.increment = true -... -bantime.multipliers = 1 2 4 8 16 32 64 -... -bantime = 300m -... -findtime = 10m -... -maxretry = 3 - -[sshd] -... -enabled = true -port = 29 -logpath = %(sshd_log)s -backend = %(sshd_backend)s -... -``` -restart fail2ban - -```systemctl restart fail2ban``` - -check the status of fail2ban - -```systemctl status fail2ban``` - -check the status of the client - -```fail2ban-client status sshd``` +## Configure SSH key auth (Unix Systems) **-- Logout from Server --** -## Configure SSH key auth (Unix Systems) - **following steps are executed on the local system - NOT on the server** create a ssh key with Edwards-curve Digital Signature Algorithm and name it server in the .ssh folder of the current user 
@@ -216,18 +166,78 @@ check if service has been started successfully ```sudo systemctl status sshd``` +## OPTIONAL Configure Fail2Ban + +install fail2ban + +```apt-get install fail2ban``` + +enable fail2ban + +```systemctl enable fail2ban``` + +create a backup of the old config just in case + +```cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local``` + +edit the config file + +```vim /etc/fail2ban/jail.local``` + +```bash +... +bantime.increment = true +... +bantime.multipliers = 1 2 4 8 16 32 64 +... +bantime = 300m +... +findtime = 10m +... +maxretry = 3 + +[sshd] +... +enabled = true +port = 29 +logpath = %(sshd_log)s +backend = %(sshd_backend)s +... +``` +restart fail2ban + +```systemctl restart fail2ban``` + +check the status of fail2ban + +```systemctl status fail2ban``` + +check the status of the client + +```fail2ban-client status sshd``` + ## OPTIONAL Install UFW Firewall -```sudo apt-get install ufw``` +```sudo su``` -allow SSH if you are using a remote connection +```apt-get install ufw``` -```sudo ufw allow ssh``` +allow SSH (or port 29 like in the config earlier) if you are using a remote connection + +```ufw allow ssh``` + +or + +```ufw allow 29/tcp``` check the status of the firewall (should be off) -```sudo ufw status verbose``` +```ufw status verbose``` turn the firewall on -```sudo ufw enable``` \ No newline at end of file +```ufw enable``` + +check the status of the firewall (should be on) + +```ufw status verbose```
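Review bot: The subject "Update README.md" does not explain why the first hunk (@@ -81,60 +81,10 @@) takes "## Configure Fail2Ban" out of the sequence before "## Configure SSH key auth (Unix Systems)". Since the second hunk brings it back as "OPTIONAL", the commit message should say that Fail2Ban now comes after key-auth setup and is optional, and why, so readers who followed the old order know that brute-force banning is no longer part of the default path. In the same hunk, "**-- Logout from Server --**" now sits directly under the key-auth heading; wording it as a step (log out of the server, then continue locally) would keep it from reading as a section divider.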
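Review bot: In the UFW section at the end of the second hunk (@@ -216,18 +166,78 @@), `ufw allow ssh` and `ufw allow 29/tcp` are joined by a bare "or", but they are not interchangeable: the `[sshd]` jail above sets `port = 29`, while `ufw allow ssh` opens the standard SSH port (22/tcp), so a reader who picks the first option and then runs `ufw enable` cuts off their own remote session on port 29. Suggest stating the condition explicitly (use `ufw allow 29/tcp` when sshd was moved to port 29, `ufw allow ssh` only when it still listens on the default port) and adding a step to confirm the rule, for example with `ufw show added`, before `ufw enable`. Two smaller points in the same hunk: the Fail2Ban commands (`apt-get install fail2ban`, `systemctl enable fail2ban`, `systemctl restart fail2ban`) carry no `sudo` although the context line just above uses `sudo systemctl status sshd`, and `sudo su` is only introduced later in the UFW section, so either keep `sudo` per command throughout or move the root-shell step ahead of the Fail2Ban section. Also, "create a backup of the old config just in case" describes `cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local`, which creates the override file that the next step edits rather than a backup; the text should say so.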