![]() ![]() Wget -q -o /dev/null You can review your stats page at. Next execute the following command: sudo nano /etc/fail2ban/action.d/nfįind the actionban option, which should look something like: actionban = iptables -I fail2ban- l -s -j Ĭhange the option to read: actionban = iptables -I fail2ban- l -s -j The key will be associated with your VPS by. This will return a json document with a key attribute, copy this attribute somewhere for future reference. Next we'll integrate with the service to track and map where any intrusions originate, in the shell type: wget -q -O. To exit and save use Ctrl+x, y and Enter. Some settings you might want to change are: ignoreip = 127.0.0.1/8 > Next you have to copy the jail configuration to create a local copy: sudo cp /etc/fail2ban/nf /etc/fail2ban/jail.localĪt this point you might want to edit the configuration file to set parameters for the jail: sudo nano /etc/fail2ban/jail.local ![]() If Fail2ban is not already installed install it with: sudo apt-get install fail2ban -y You'll notice that UFW has added rules for both IPv4 and IPv6. ![]() To enable the firewall type: sudo ufw enableĬhecking the status of UFW is as easy as: sudo ufw status Next, enable ports for the services you are going to run on the server, for example http and https would be: sudo ufw allow http Instead of "ssh" you can put the port number you have switch SSH to. You are most probably connecting via SSH, so enable that: sudo ufw limit ssh If UFW is not already installed install it with: sudo apt-get install ufw -y The easiest way to limit access to the server is by utilising UFW, which is really just a wrapper around iptables the Linux kernel firewall. The first steps you should take are to limit access to your new server. You will get an output that appears like: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND To display all running processes enter the following at the shell prompt: ps aux Upgrading the dependencies themselves is done by entering: sudo apt-get upgrade -yĪs with your smartphone, if you go outside of the aptitude channel make sure you trust the source you are downloading packages from. Most of your dependencies will come through aptitude, to update your local index of dependencies type: sudo apt-get update ![]()
0 Comments
Leave a Reply. |