Comment: Reverted from v. 34

Introduction

Outlined here are the steps to ensure your Ubuntu server has basic security.

...

  • adm - so staff can view logs in apps setup without having to use the sudo command

Here are the commands:

```bash
sudo usermod -a -G adm bhitch
sudo usermod -a -G adm jcassaday
sudo usermod -a -G adm wellis
```

...

Disable Direct Login as Root Through SSH

Normally, having PermitRootLogin enabled in SSH on Ubuntu is not a security issue, because the root account is simply disabled in the OS. This step applies only to hosted Ubuntu, where the root account is often enabled. That is dangerous because attackers look for Unix/Linux boxes and try to log in via SSH using the username root and a list of common passwords.

Note

I am not going down the route of disabling the root account as this might break the hosted Ubuntu setup. For example, Slice's or Rackspace's special terminal console login might stop working. In any event, the vector of attack is SSH login. To prevent users from using root, well, don't provide the root password and provide sudo privileged accounts as shown in this article.

 


Connect to SSH as a staff user and edit sshd_config,

...

The default settings of fail2ban are usually good enough, but you can also customize fail2ban to suit your needs.

After a day or so on the Internet you should start seeing people getting banned in the logs, /var/log/fail2ban.log. Here is an example of an IP getting banned and then unbanned after 10 minutes:

```
2009-02-15 10:29:24,108 fail2ban.actions: WARNING [ssh] Ban 59.63.25.158
2009-02-15 10:39:24,137 fail2ban.actions: WARNING [ssh] Unban 59.63.25.158
```

Unbanning

To unban a user, try these instructions. I am hesitant about playing with the ip tables in any way, so I have not tried myself. I usually just wait the 10 minutes.

According to the developers, Fail2ban version 0.9 will include an unban command through its own client program.

Triggers to Detect Suspicious Activities

See More Linux Security if you are interested in intrusion detection techniques.

Note

This article can be enhanced with a strategy and write-up on the following triggers:

  • Alert me when a sudo capable account logs in.
  • Alert me when serveradmin logs in.
  • Alert me when accounts fail sudo attempts.
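One way the three triggers above could be evaluated against auth.log entries, as an added example that is not part of the original article. The `scan` function, the trigger names, the sample log lines and the choice of which accounts count as sudo-capable are all assumptions made for illustration.

```python
import re

# Assumption: accounts treated as sudo-capable. On a real host, derive this
# set from the members of the group that grants sudo.
SUDO_CAPABLE = {"bhitch", "jcassaday", "wellis"}
WATCHED = {"serveradmin"}

# sshd success line: "Accepted <method> for <user> from <ip> port <n> ssh2"
LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
# sudo failure lines: "<user> : N incorrect password attempts" and
# "<user> : user NOT in sudoers"
SUDO_FAIL_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(\S+) : (\d+ incorrect password attempts?|user NOT in sudoers)")

def scan(lines, sudo_capable=SUDO_CAPABLE, watched=WATCHED):
    """Return a list of (trigger, user, detail) tuples, in log order."""
    alerts = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if m:
            method, user, ip = m.groups()
            if user in watched:
                alerts.append(("watched-login", user, f"{method} from {ip}"))
            elif user in sudo_capable:
                alerts.append(("sudo-capable-login", user, f"{method} from {ip}"))
            continue  # other successful logins raise no alert
        m = SUDO_FAIL_RE.search(line)
        if m:
            alerts.append(("sudo-failure", m.group(1), m.group(2)))
    return alerts

# Constructed sample lines in the auth.log format (not from a real host).
SAMPLE = """\
Feb 15 10:01:12 web1 sshd[2211]: Accepted publickey for bhitch from 192.0.2.10 port 50122 ssh2
Feb 15 10:05:40 web1 sshd[2290]: Accepted password for serveradmin from 198.51.100.7 port 41200 ssh2
Feb 15 10:06:02 web1 sshd[2301]: Failed password for root from 203.0.113.9 port 33812 ssh2
Feb 15 10:07:31 web1 sudo:   wellis : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/wellis ; USER=root ; COMMAND=/bin/ls
Feb 15 10:09:15 web1 sshd[2350]: Accepted password for deploy from 192.0.2.44 port 50999 ssh2
Feb 15 10:10:03 web1 sudo:   deploy : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/su
""".splitlines()

if __name__ == "__main__":
    for trigger, user, detail in scan(SAMPLE):
        print(f"ALERT {trigger}: {user} ({detail})")
```

Failed SSH logins are deliberately ignored here because fail2ban already handles them; the scan only reports the three triggers from the list.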