CSEC_PUBLIC/How-To-Secure-A-Linux-Server
1
0
Fork 0
mirror of https://github.com/imthenachoman/How-To-Secure-A-Linux-Server.git synced 2025-12-06 09:12:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
IMTheNachoMan
2019-03-03 22:48:19 -05:00
parent 2dd56632c5
commit 4694934819
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@@ -1571,7 +1571,7 @@ WIP
sudo apt install fail2ban sudo apt install fail2ban
``` ```
1. We don't want to edit `/etc/fail2ban/fail2ban.conf` or `/etc/fail2ban/jail.conf` because a future update may overwrite those so we'll create a local copy instead. Add this to `/etc/fail2ban/jail.local` after replacing `[LAN SEGMENT]` and `[your email]` with the appropriate values: 1. We don't want to edit `/etc/fail2ban/fail2ban.conf` or `/etc/fail2ban/jail.conf` because a future update may overwrite those so we'll create a local copy instead. Create the file `/etc/fail2ban/jail.local` and add this to it after replacing `[LAN SEGMENT]` and `[your email]` with the appropriate values:
``` ```
[DEFAULT] [DEFAULT]
@@ -1593,7 +1593,7 @@ WIP
**Note**: Your server will need to be able to send e-mails so Fail2ban can let you know of suspicious activity and when it banned an IP. **Note**: Your server will need to be able to send e-mails so Fail2ban can let you know of suspicious activity and when it banned an IP.
1. We need to create a jail for `ssh` that tells `fail2ban` to look at `ssh` logs and use `ufw` to ban/unban IPs as needed. Create a jail for `ssh` by adding this to `/etc/fail2ban/jail.d/ssh.local`: 1. We need to create a jail for `ssh` that tells `fail2ban` to look at `ssh` logs and use `ufw` to ban/unban IPs as needed. Create a jail for `ssh` by creating the file `/etc/fail2ban/jail.d/ssh.local` and adding this to it:
``` ```
[sshd] [sshd]
@@ -2345,7 +2345,8 @@ There are many guides on-line that cover how to configure Gmail as MTA using STA
description=This opens up the TLS port 465 for use with SMPT to send e-mails. description=This opens up the TLS port 465 for use with SMPT to send e-mails.
ports=465/tcp ports=465/tcp
EOF EOF
ufw allow out smtptls comment 'open TLS port 465 for use with SMPT to send e-mails'
sudo ufw allow out smtptls comment 'open TLS port 465 for use with SMPT to send e-mails'
``` ```
1. Add some mail aliases so we can send e-mails to local accounts by adding lines like this to `/etc/aliases`: 1. Add some mail aliases so we can send e-mails to local accounts by adding lines like this to `/etc/aliases`: