flohoss/server-setup
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update README.md

Browse source
This commit is contained in:
Florian Hoss 2021-12-20 09:37:32 +01:00 committed by GitHub
parent 03bfa09337
commit 953c8833c2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 66 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

122
SecureSystem/README.md
View file

@ -81,60 +81,10 @@ check if service has been started successfully
```systemctl status sshd``` ```systemctl status sshd```
## Configure Fail2Ban ## Configure SSH key auth (Unix Systems)
install fail2ban
```apt-get install fail2ban```
enable fail2ban
```systemctl enable fail2ban```
create a backup of the old config just in case
```cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local```
edit the config file
```vim /etc/fail2ban/jail.local```
```bash
...
bantime.increment = true
...
bantime.multipliers = 1 2 4 8 16 32 64
...
bantime = 300m
...
findtime = 10m
...
maxretry = 3
[sshd]
...
enabled = true
port = 29
logpath = %(sshd_log)s
backend = %(sshd_backend)s
...
```
restart fail2ban
```systemctl restart fail2ban```
check the status of fail2ban
```systemctl status fail2ban```
check the status of the client
```fail2ban-client status sshd```
**-- Logout from Server --** **-- Logout from Server --**
## Configure SSH key auth (Unix Systems)
**following steps are executed on the local system - NOT on the server** **following steps are executed on the local system - NOT on the server**
create a ssh key with Edwards-curve Digital Signature Algorithm and name it server in the .ssh folder of the current user create a ssh key with Edwards-curve Digital Signature Algorithm and name it server in the .ssh folder of the current user
@ -216,18 +166,78 @@ check if service has been started successfully
```sudo systemctl status sshd``` ```sudo systemctl status sshd```
## OPTIONAL Configure Fail2Ban
install fail2ban
```apt-get install fail2ban```
enable fail2ban
```systemctl enable fail2ban```
create a backup of the old config just in case
```cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local```
edit the config file
```vim /etc/fail2ban/jail.local```
```bash
...
bantime.increment = true
...
bantime.multipliers = 1 2 4 8 16 32 64
...
bantime = 300m
...
findtime = 10m
...
maxretry = 3
[sshd]
...
enabled = true
port = 29
logpath = %(sshd_log)s
backend = %(sshd_backend)s
...
```
restart fail2ban
```systemctl restart fail2ban```
check the status of fail2ban
```systemctl status fail2ban```
check the status of the client
```fail2ban-client status sshd```
## OPTIONAL Install UFW Firewall ## OPTIONAL Install UFW Firewall
```sudo apt-get install ufw``` ```sudo su```
allow SSH if you are using a remote connection ```apt-get install ufw```
```sudo ufw allow ssh``` allow SSH (or port 29 like in the config earlier) if you are using a remote connection
```ufw allow ssh```
or
```ufw allow 29/tcp```
check the status of the firewall (should be off) check the status of the firewall (should be off)
```sudo ufw status verbose``` ```ufw status verbose```
turn the firewall on turn the firewall on
```sudo ufw enable``` ```ufw enable```
check the status of the firewall (should be on)
```ufw status verbose```