Skip to main content

Thanwer's Blog

Tag: GNU/Linux

Netcat

I heard too many times a work colleague, or a third-party vendor telling me “there is something wrong on the network here”, or “This port isn’t open!”.

You can use websites to try to test for open ports, a quick Google search should yield you a couple good results, but sometimes that is not enough.

# The problem

Let’s suppose you followed my other post about restricting source address with iptables, in this case those random web tools won’t help you, so you use nmap!

Advanced SSH Hardening Best Practices

As you could see on my last post about fail2ban, the SSH service is a popular target for brute force attacks, we really should take our time to improve our server’s security.

On top of iptables rules and fail2ban jails, we have a couple parameters that we can fine-tune on our servers to make another layer of protection.

# SSH authentication methods

By default, SSH allows for password authentication for all users except root, which is a good starting point, but we can improve this behavior.

Securing Your Linux Server with Fail2Ban for SSH Protection

Fail2ban is a software which scans log files like /var/log/auth.log and bans IP addresses which have done too many failed login attempts.

This is just one layer of security and should be used together with other tools and techniques such as iptables and SSH hardening.

I always configure a simple SSH jail using fail2ban on my GNU/Linux servers.

Today, I am going to show you how to configure a simple SSH jail.

Mastering iptables: Basic Firewall Configurations for a Newly Deployed GNU/Linux Server

When setting up a new Linux server, one of the first things you’ll want to do is secure it by configuring a firewall. iptables, a powerful firewall tool available on most Linux distributions, is an excellent choice for managing traffic rules.

In this post, I’ll walk you through setting up some basic iptables configurations for a freshly deployed server. By the end, you’ll have a solid firewall to protect your services while keeping things simple.