#fail2ban

Diego Córdoba 🇦🇷 d1cor@mstdn.io
2026-02-24

New content is coming to the SSH courses, to the GNU/Linux Hardening course (coming soon), and to the #JuncoTIC YouTube channel! 🎉

By request from followers and students: fail2ban.

A step-by-step guide to the fundamental configurations for blocking brute-force attacks against our SSH server.

I invite you to subscribe to the channel to find out when the video comes out! 👇

youtube.com/juncotic?sub_confi

#gnu #linux #fail2ban #ciberseguridad #hacking #ssh #hardening #infosec #seguridadinformatica #juncotic

2026-02-21

NextCloud clients are requesting so many existing(!) PHP scripts, which in turn respond with HTTP 404 that I now need to exclude the entire NC instance from fail2ban's apache-404 jail.

#HomeLab #SelfHosted #NextCloud #Apache #Fail2Ban

Keldankeldan
2026-02-20

It's heated today, my server is being bombarded with connection attempts over and on the ports dedicated to mail.
is doing its job but it's heavy fire.
Daily average: 5 or 6 attempts
This morning: 100+

Schenkl | 🏳️‍🌈🦄 schenklklopfer@chaos.social
2026-02-19

Once again, one of those gems that #fail2ban fished out:

"request_Accept":"(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'\"+(select(0)from(select(sleep(15)))v)+\"*/"

😂

Teddy / Domingo (🇨🇵/🇬🇧) TeddyTheBest@framapiaf.org
2026-02-18

Guide: protecting your personal #Linux #server with #Fail2ban
The first step will be to install Fail2ban to secure the #system. Then we will open access to the server on the #Internet
minimachines.net/actu/guide-fa

2026-02-14

Today is 60 days since the last time I restarted a public internet facing machine with fail2ban running.

I know this because it's spent all day emailing me about IP addresses it's banned for repeat offending after the last set of bans expired

#HomeLab #fail2ban

2026-02-14

@wendynather New #fail2ban logic or customisation on all #Linux machines

👉 It's happening over here: wiki.blablalinux.be/fr/optimis

Let's not forget: a SysAdmin who automates is a SysAdmin who has time to drink their coffee hot! ☕🧤

#BlablaLinux #SysAdmin #NginxProxyManager #Fail2Ban #Docker #Linux #SelfHosted

Simon Skoczylas giftkugel@ruhr.social
2026-02-12

New release of fail2ban-dashboard.

Version v0.8.0 now provides Prometheus metrics which are disabled by default but can be enabled with the -m flag. Check the README for more details.

Furthermore, the project now has its own handcrafted Golang gopher mascot. ☺️

#fail2ban #fail2bandashboard #golang

#metrics #security #prometheus #dashboard

See here: github.com/webishdev/fail2ban-

New fail2ban-dashboard mascot

2026-02-12

A new version of reaction has just been released!
v2.3.0 adds a brand-new plugin system, which makes it possible to extend reaction's functionality, and big performance gains!

framagit.org/ppom/reaction/-/r

#reactionrust #rust #fail2ban #plugins

2026-02-12

A new version of reaction is out!
v2.3.0 features a brand new plugin system that allows extending reaction, and huge performance gains!

framagit.org/ppom/reaction/-/r

#reactionrust #rust #fail2ban #plugins

2026-02-11

[Translation] Goodbye, Fail2Ban: strengthening the protection of Netbird and Caddy with CrowdSec

Fail2Ban was long a "set it and forget it" tool, but these days it increasingly works like an alarm that only starts screaming after the door has been rattled dozens of times, and every tug stays in the logs. We migrated a Netbird management server from Fail2Ban to CrowdSec and put it together as a practical walkthrough: how to read Caddy's JSON logs without wrestling with regular expressions, how to hang blocks on nftables, and why community threat intel lets you cut off some scanners before they even manage to "probe" anything. Along the way we'll look at configs, commands, and observations on what exactly changes in noise, bans, and load.

habr.com/ru/companies/otus/art

#CrowdSec #Fail2Ban #защита_сервера #блокировка_IP #сканирование_HTTP #nftables #Caddy #DevSecOps

Eugene :freebsd: :emacslogo: evgandr@bsd.cafe
2026-02-10

Finally! Someone from France, using the OVH SAS, tried to break into my Asterisk box 22 times before fail2ban issued a ban. I feel noticed :drgn_happy_blep:

#fail2ban #Asterisk #bots #selfhosting

Xterm window with tmux, divided into two parts. On the upper console there is a security.log from Asterisk, where the 5.39.12.192 tried different accounts to break into my Asterisk box. On the bottom console there are the same IP banned by fail2ban and the overall count of break attempts (22).
Information about 5.39.12.192 IP from IPGeolocation.io. IP address from France, Hauts-de-France, Roubaix, lat: 50.6934, lon: 3.1998. It is not in the Tor/spam/proxy lists and uses a Dediracks Cloud Dediracks ISP.

2026-02-09

Wow, 100,000 more banned IPs over night. Crazy.

#Forgejo #BotScan #fail2ban

fail2ban status screenshot of 136455 currently banned IP addresses in the forgejo-404 honeypot jail.

2026-02-08

I just banned ~30,200 bot-scan IPs with a Forgejo honeypot. More are still coming in.

Do you have any good everyday Forgejo fail2ban filters that you can recommend?

#Forgejo #BotScan #fail2ban

fail2ban status screenshot of 30188 currently banned IP addresses in the forgejo-404 honeypot jail.

Simon Skoczylas giftkugel@ruhr.social
2026-02-07

New release of fail2ban-dashboard.

- Simplifies overview page
- Adds details page
- Adds dark and light mode

#fail2ban #fail2bandashboard #golang #security #dashboard

See here: github.com/webishdev/fail2ban-

fail2ban dashboard overview page in dark mode
fail2ban dashboard detail page in dark mode

KipJayChou ⁂ :neocat_cofe: admin@mstdn.feddit.social
2026-02-04

Found some time to improve my servers' convenience and "security"

1. Termius access
Generate three keys in Termius and assign them to the three servers
Export to ~/.ssh/authorized_keys
Check that the contents of authorized_keys are correct
Test the keys & passwordless login

2. Configure ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow http
sudo ufw allow https
sudo ufw allow <special-port>/tcp
sudo ufw enable
sudo ufw status verbose

3. Configure fail2ban
sudo nano /etc/fail2ban/jail.local
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
banaction = ufw
ignoreip = 127.0.0.1/8 ::1 X Y Z
[sshd]
enabled = true
port = <special-port>
backend = systemd

sudo apt update && sudo apt install python3-systemd -y
sudo systemctl enable --now fail2ban
sudo systemctl restart fail2ban
sudo fail2ban-client status sshd

3. Configure sshd_config
sudo nano /etc/ssh/sshd_config
Port <special-port>
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no

sudo sshd -t
sudo systemctl restart ssh

4. Change the hostname
sudo hostnamectl set-hostname xxx
sudo nano /etc/hosts
Change the hostname after 127.0.1.1 to xxx
hostnamectl status

5. Configure access between the servers
ssh-keygen -t ed25519 -C "from_$(hostname)" -N "" -f ~/.ssh/id_ed25519
cat ~/.ssh/id_ed25519.pub
nano ~/.ssh/authorized_keys
Three lines in total: the Termius pub key and the pub keys of the other two servers

6. Configure aliases
nano ~/.bashrc
alias nc='ssh -p <special-port> jay@ipX'
alias cc='ssh -p <special-port> jay@ipY'
alias hd='ssh -p <special-port> jay@ipZ'
source ~/.bashrc
nc (netcup)
cc (clawcloud)
hd (hostdzire)
Or
nano ~/.ssh/config
Host nc
    HostName X
    Port <special-port>
    User jay
Host cc
    HostName Y
    Port <special-port>
    User jay
Host hd
    HostName Z
    Port <special-port>
    User jay
ssh nc
ssh cc
ssh hd
You can also add "ProxyJump cc" to jump to cc first before connecting to xxx

#ssh #sshd #pub #alias #ProxyJump #authorized_keys #termius #ufw #fail2ban

Jens Tec 🇪🇺🇺🇦 jenstec@masto.nu
2026-02-02

Just spent two hours searching why I couldn't access my local Nextcloud instance... turned out I was banned by #fail2ban

Schenkl | 🏳️‍🌈🦄 schenklklopfer@chaos.social
2026-02-02

What a sight for sore eyes!

I always enjoy catching up on the weekend's mails from #fail2ban.

I love good attacks!
Then seeing the individual requests in Grafana, what exactly was attempted and how fail2ban detected them.

I have great respect for good attacks!
