Differences

This shows you the differences between two versions of the page.

--- systems:media_server:secure_the_server [2025/05/30 19:35] – [Configure Fail2Ban] peter
+++ systems:media_server:secure_the_server [2025/05/31 16:46] (current) – peter
@@ Line 5: / Line 5: @@
 ----
-===== Install fail2ban =====
+  * [[Systems:Media Server:Secure the Server:Install fail2ban|Install fail2ban]]
+  * [[Systems:Media Server:Secure the Server:Install Lynis Security Audit Tool|Install Lynis Security Audit Tool]]
-==== Update the system: ====
+  * [[Systems:Media Server:Secure the Server:Install rkhunter|Install rkhunter]]
-<code bash>
-sudo apt update && sudo apt upgrade
-</code>
 ----
-==== Install Fail2Ban ====
+  * [[Systems:Media Server:Secure the Server:Harden Linux kernel configuration parameters|Harden Linux kernel configuration parameters]]
+  * [[Systems:Media Server:Secure the Server:Harden SSHD|Harden SSHD]]
-<code bash>
+  * [[Systems:Media Server:Secure the Server:Harden Sudo|Harden Sudo]]
-sudo apt install fail2ban
+  * [[Systems:Media Server:Secure the Server:Disable core dump|Disable core dump]]
-</code>
+  * [[Systems:Media Server:Secure the Server:Add a legal banner in /etc/issue and /etc/issue.net|Add a legal banner in /etc/issue and /etc/issue.net]]
+  * [[Systems:Media Server:Secure the Server:Setup a Firewall|Setup a Firewall]]
-----
-==== Configure Fail2Ban ====
-The default configuration is defined in **/etc/fail2ban/jail.conf**.
-<WRAP important>
-**WARNING:** The default values may change with package updates, so if you want to change the settings, create a **jail.local** file and modify it.
-</WRAP>
-Here are salient lines from the default configuration:
-<file bash /etc/fail2ban/jail.conf>
-# line 87 : ignore your own local IP
-#ignoreself = true
-# line 92 : possible to add ignored networks
-#ignoreip = 127.0.0.1/8 ::1
-# line 101 : number of seconds that a host is banned
-# - 1m ⇒ 1 minutes
-# - 1h ⇒ 1 houer
-# - 1d ⇒ 1 day
-# - 1mo ⇒ 1 month
-# - 1y ⇒ 1 year
-bantime  = 10m
-# line 105 : A host is banned if it has generated "maxretry" during the last "findtime"
-findtime  = 10m
-# line 108 : "maxretry" is the number of failures before a host get banned
-maxretry = 5
-# line 178 : destination email address if enabling email notification
-destemail = root@localhost
-# line 181 : sender address if enabling email notification
-sender = root@<fq-hostname>
-# line 263 : default action
-# - %(action_)s ⇒ ban only
-# - %(action_mw)s ⇒ band and email notification (includes Whois info)
-# - %(action_mwl)s ⇒ band and email notification (includes Whois info and logs)
-action = %(action_)s
-</file>
-----
-==== Create a /etc/fail2ban/jail.local file ====
-Override the default values.
-<file bash /etc/fail2ban/jail.local>
-[DEFAULT]
-ignoreip = 127.0.0.1/8 ::1
-bantime  = 1d
-findtime  = 5m
-maxretry = 5
-destemail = root@localhost
-sender = root@mediaserver
-</file>
-----
-==== Restart Fail2Ban ====
-<code bash>
-sudo systemctl restart fail2ban
-</code>
-----
-==== Verify Fail2Ban ====
-<code bash>
-sudo systemctl status fail2ban
-</code>
-----