Nowadays in Iran, despite the filtering conditions, many people set up and run a VPN service on a server of their own.
Unfortunately, some of them, due to a lack of knowledge, end up with security and software problems on their server.
This writeup covers the minimum that should be done to prevent attacks and security problems.
Change SSH port
Most brute-force attacks target the default port of a service. To keep this automated noise away from SSH, change the default port (22) to another one; open the new port in the firewall before restarting SSH and keep your current session open until you have confirmed the new port works.
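As an added example (not part of the original writeup), the function below changes the `Port` directive of an sshd_config file in place. It validates the port number, removes every existing `Port` line (commented or not) so only one directive remains, and puts the new one at the top of the file so it is not shadowed by a later `Match` block. The sample config and the `set_ssh_port` name are constructed for the example; on a real host point it at /etc/ssh/sshd_config, then run `sshd -t` before restarting the service.

```shell
#!/bin/bash
# Added example: set the SSH listening port in an sshd_config file in place.
# The file path and port are parameters, so it can be tried on a copy first.

# Usage: set_ssh_port <config-file> <port>; prints the resulting "Port" line.
set_ssh_port() {
    local config="$1" port="$2"
    # Reject anything that is not a plain number (typos, empty argument).
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # Drop every existing Port line ("Port 22", "#Port 22") and add ours at the
    # top of the file so a later "Match" block cannot override it.
    local tmp
    tmp="$(mktemp)"
    {
        echo "Port $port"
        grep -vE '^[[:space:]]*#?[[:space:]]*Port[[:space:]]' "$config" || true
    } > "$tmp"
    # Overwrite through cat (not mv) so the config keeps its owner and mode.
    cat "$tmp" > "$config" && rm -f "$tmp"
    grep -E '^Port ' "$config"
}

# Constructed sample config (example only, not a real server's file).
SAMPLE_CFG="$(mktemp)"
cat > "$SAMPLE_CFG" <<'EOF'
#Port 22
PermitRootLogin no
PasswordAuthentication yes
EOF

# On a real host: set_ssh_port /etc/ssh/sshd_config 2222, then "sshd -t",
# then "systemctl restart ssh" while the old session stays open.
set_ssh_port "$SAMPLE_CFG" 2222
```

The port is written before any other directive on purpose: in sshd_config, settings that appear after a `Match` line apply only to the matching connections, so a `Port` line placed at the bottom of an edited file may silently be ignored.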
Block an IP after 5 failed logins (automation)
1. cd /home
2. create bash file → nano ipblocker.sh
#!/bin/bash
# Block every source IP that appears in THRESHOLD or more "Failed password" lines.
# Must run as root: it reads auth.log and writes /etc/hosts.deny.
LOG_FILE="/var/log/auth.log"
DENY_FILE="/etc/hosts.deny"
THRESHOLD=5
while true; do
    # In "... Failed password for <user> from <ip> port <n> ssh2" the IP is the 4th field from the end
    failed_ips=$(grep "Failed password" "$LOG_FILE" | awk '{print $(NF-3)}' \
                 | sort | uniq -c | awk -v t="$THRESHOLD" '$1 >= t {print $2}')
    for ip in $failed_ips; do
        # Skip IPs that are already listed, otherwise hosts.deny fills with duplicates
        grep -qF "ALL: $ip" "$DENY_FILE" && continue
        echo "Blocking IP: $ip"
        echo "ALL: $ip" >> "$DENY_FILE"
    done
    sleep 60 # Check every minute
done
3. chmod +x ipblocker.sh
4. nano /etc/systemd/system/ipblocker.service
[Unit]
Description=Block IP addresses with failed SSH logins
[Service]
Type=simple
ExecStart=/home/ipblocker.sh
Restart=always
[Install]
WantedBy=multi-user.target
5. load, start and enable the service:
sudo systemctl daemon-reload
sudo systemctl start ipblocker
sudo systemctl enable ipblocker
sudo systemctl status ipblocker
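The detection logic of ipblocker.sh, factored into functions and run over a few constructed auth.log lines, as an added example that is not part of the original writeup. It shows what the threshold counts (failed attempts per source IP, not per log line), that an IP already present in the deny file is not appended twice, and how the check can be tested against a copy of the log before it is pointed at /var/log/auth.log. The function names, the sample log lines and the temporary deny file are all constructed for the example. Note that /etc/hosts.deny only affects services built with TCP wrappers; if your SSH build does not honor it, use the firewall or Fail2ban (both covered below) as the blocking backend instead.

```shell
#!/bin/bash
# Added example: the ipblocker.sh detection logic as testable functions.
# Paths are parameters so the logic can be exercised on sample data.

# Print every source IP that appears in at least $2 "Failed password" lines of log $1.
failed_login_ips() {
    local log_file="$1" threshold="$2"
    # "... Failed password for <user> from <ip> port <n> ssh2": IP is the 4th field from the end,
    # which also covers "Failed password for invalid user <name> from <ip> ..." lines.
    grep "Failed password" "$log_file" | awk '{print $(NF-3)}' \
        | sort | uniq -c | awk -v t="$threshold" '$1 >= t {print $2}'
}

# Append "ALL: <ip>" to deny file $2 unless the IP is already listed.
# Prints 1 when a new entry was added and 0 when it was skipped.
block_ip() {
    local ip="$1" deny_file="$2"
    if grep -qF "ALL: $ip" "$deny_file" 2>/dev/null; then
        echo 0
    else
        echo "ALL: $ip" >> "$deny_file"
        echo 1
    fi
}

# One pass of the checker: block every IP over the threshold, print how many were new.
block_failed_ips() {
    local log_file="$1" threshold="$2" deny_file="$3" added=0 ip
    for ip in $(failed_login_ips "$log_file" "$threshold"); do
        added=$((added + $(block_ip "$ip" "$deny_file")))
    done
    echo "$added"
}

# Constructed sample log (not real traffic): 192.0.2.10 fails 5 times,
# 192.0.2.20 fails 2 times, and one successful login must be ignored.
SAMPLE_LOG="$(mktemp)"
SAMPLE_DENY="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
Jan 10 10:00:01 vpn sshd[1001]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jan 10 10:00:02 vpn sshd[1002]: Failed password for root from 192.0.2.10 port 40002 ssh2
Jan 10 10:00:03 vpn sshd[1003]: Failed password for invalid user admin from 192.0.2.10 port 40003 ssh2
Jan 10 10:00:04 vpn sshd[1004]: Failed password for root from 192.0.2.20 port 40004 ssh2
Jan 10 10:00:05 vpn sshd[1005]: Accepted password for deploy from 192.0.2.30 port 40005 ssh2
Jan 10 10:00:06 vpn sshd[1006]: Failed password for root from 192.0.2.10 port 40006 ssh2
Jan 10 10:00:07 vpn sshd[1007]: Failed password for root from 192.0.2.20 port 40007 ssh2
Jan 10 10:00:08 vpn sshd[1008]: Failed password for root from 192.0.2.10 port 40008 ssh2
EOF

# First pass adds 192.0.2.10; a second pass over the same log adds nothing.
echo "new blocks: $(block_failed_ips "$SAMPLE_LOG" 5 "$SAMPLE_DENY")"
echo "new blocks on rerun: $(block_failed_ips "$SAMPLE_LOG" 5 "$SAMPLE_DENY")"
```

Running the pass twice is the point of the dedup check: the service in the writeup loops every minute over the same growing log, so without it every blocked IP would be appended again on each iteration.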
Update server every 6 hours (automation)
1. cd /home
2. create bash file → nano updater.sh
#!/bin/bash
# Non-interactive mode so a package prompt cannot hang the job when run from cron
export DEBIAN_FRONTEND=noninteractive
apt update -y
sleep 2
apt upgrade -y
3. chmod +x updater.sh
4. edit the cron file (as root, since apt needs root) → crontab -e
5. add this line → 0 */6 * * * /home/updater.sh
Run as few services as possible
- Run a process monitor (htop, atop, top, …) and look at the running services
- https://itsfoss.com/linux-system-monitoring-tools/
- Disable every service you do not need → systemctl disable <service-name>
Backup
It is better to use the rsync tool for backups.
Back up the important directories, e.g. /home, /opt, /var, /etc, …
https://parsdev.com/blog/how-to-use-rsync
If you are on Windows, you can use the SFTP protocol in a program such as WinSCP or Termius to back up or transfer your files.
Use strong password
In this section I suggest the pwgen tool.
A strong password also makes brute-force attacks far less likely to succeed.
apt-get install -y pwgen
yum install -y pwgen #for CentOS
Generate a random, strong password → pwgen -s 10 -1 -y
Change the password → passwd
Delete unused packages
1. Show installed packages
- show all packages installed through dpkg → grep " install " /var/log/dpkg.log
- show packages installed with the apt command → grep " install " /var/log/apt/history.log
2. Delete the desired package
- apt-get remove <package-name>
- yum remove <package-name> #for CentOS
Firewall configuration
Use and configure a firewall to control and limit incoming and outgoing traffic, IPs and ports, so that only the services you actually run are reachable and the server stays protected from network attacks.
Basic firewall (ufw) → https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands
Powerful firewall (iptables) → https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands
Fail2ban tool
Malware bots scan the internet by IP address and try to break into every server they find.
Fail2ban analyzes system logs and bans the IP addresses behind repeated failed attempts, which stops most of these automated attacks.
Tutorial setup : https://linuxhandbook.com/fail2ban-basic
Use 2FA (Google authenticator)
Google Authenticator adds a second authentication step (a one-time code) on top of the password or key. Installed on the server, it protects SSH logins even if a password is guessed or leaked.
Tutorial setup : https://goteleport.com/blog/ssh-2fa-tutorial
Good luck ;)