Fail2ban

Fail2Ban is an intrusion prevention framework written in the Python programming language. It works by reading SSH, ProFTP, Apache and other logs, and uses iptables profiles to block brute-force attempts.

To install fail2ban, type the following in the terminal:

    sudo apt-get install fail2ban

Configuration

To configure fail2ban, make a 'local' copy of the jail.conf file in /etc/fail2ban:

    cd /etc/fail2ban
    sudo cp jail.conf jail.local

Now edit the file:

    sudo nano jail.local

Set the IPs you want fail2ban to ignore, the ban time (in seconds) and the maximum number of user attempts to your liking:

    [DEFAULT]
    # "ignoreip" can be an IP address, a CIDR mask or a DNS host
    ignoreip = 127.0.0.1
    bantime = 3600
    maxretry = 3

Email Notification

Note: You will need sendmail or any other MTA to do this.

If you wish to be notified of bans by email, modify this line with your email address:

    destemail = your_email@domain.com

Then find the line:

    action = %(action_)s

and change it to

    action = %(action_mw)s

Jail Configuration

    enabled = true

UNIX / Linux: Send E-mail When sudo Runs

I'm not told to use the root user to perform activities that do not require it. I've configured sudo for myself and for other web developers so that they can restart MySQL or Apache web server. How do I send email when sudo is run by one of my users? How do I keep track of user logins done via the sudo command?

Configure sudo To Send E-mail

Sudo can be configured to send e-mail when the sudo command is used.

    mailto "admin@staff.example.com"
    mail_always on

Where,

mailto "admin@staff.example.com" : Your email id.
mail_always : Send mail to the mailto user every time a user runs sudo.

Additional options:

Sudo Logfile

By default, sudo logs via syslog.

    Defaults !

Save and close the file.

    Jul 1 12:30:13 : vivek : TTY=pts/3 ; PWD=/home/vivek ; USER=root ; COMMAND=/bin/bash
    Jul 1 12:34:02 : vivek : TTY=pts/0 ; PWD=/home/vivek ; USER=root ; COMMAND=sudoedit /etc/sudoers

Running commands on Putty without fear of losing connection

UNIX / Linux: Send E-mail When sudo Runs | linuxforge

I’m not told to use the root user to perform activities that do not require it. I’ve configured sudo for myself and for other web developers so that they can restart MySQL or Apache web server. How do I send email when sudo is run by one of my users? How do I keep track of user logins done via the sudo command?

sudo greatly enhances the security of the system without sharing the root password with other users and admins. sudo provides simple auditing and tracking features too.

Configure sudo To Send E-mail

Sudo can be configured to send e-mail when the sudo command is used.

    mailto "admin@staff.example.com"
    mail_always on

Where,

mailto “admin@staff.example.com” : Your email id.
mail_always : Send mail to the mailto user every time a user runs sudo.

Additional options:

Sudo Logfile

By default, sudo logs via syslog.

    Defaults !

Save and close the file.

E-mail Alert on Root SSH Login

Want to be notified instantly when someone logs into your server as root? No problem, check out this nice tutorial on email notification for root logins.

Keeping track of who logs into your server and when is very important, especially when you're dealing with the super user account. So let's get started!

1.
2. cd /root
3. pico .bashrc
4. Replace YourServerName with the handle for your actual server
   Replace you@yourdomain.com with your actual email address
5. Now log out of SSH, close the connection and log back in!

Note: This is a great tool for servers that have multiple admins or if you give someone SSH access for whatever reason, although you should give out the root password to as few people as humanly possible and be sure to change it often.

chkrootkit -- locally checks for signs of a rootkit

Setup Virtual Users and Directories in VSFTPD

Set up virtual users instead of local users and configure user-specific home directories for each user, or shared between a handful of users.

The reason for setting up virtual users, and a different home directory for each user, was to allow ftp access to a web server running a number of different sites for different clients. Each client can have one or more logins to the ftp server, and the usernames and passwords can be shared with the apache webserver, so you only need to store their passwords in one place.

I'm choosing vsftpd as the ftp server, as it seems to have the best reputation for being secure (and having the fewest security bugs).

Installing

Whilst each flavour of linux has its own way of installing software, I'm going to run through using debian, so you will need to adapt it for whichever distro you use. Firstly we need to download and install the ftp server VSFTPD:

    debian# apt-get install vsftpd
    debian# apt-get install libpam-pwdfile

Configuration

for subsequent users just use

Testing

FireHOL, a Linux iptables packet filtering firewall builder for humans...
