add selfhosting tutorials

2025-05-17 04:36:58 +00:00 · 2025-05-06 19:51:39 +02:00 · 2025-05-06 19:51:39 +02:00 · cc3824e6a2
commit cc3824e6a2
parent 95c33c8b41
1900 changed files with 32727 additions and 0 deletions
--- a/fail2banssh/index.md
+++ b/fail2banssh/index.md
@ -0,0 +1,171 @@
+# fail2banssh Setup 
+
+In this tutorial we're going to look at how to install fail2ban to protect the ssh service from bruteforce attacks. 
+
+## **Initial Setup**
+
+First we enable rsyslog on the server, to make sure that the ssh login attempts are logged.
+    
+    
+    [ Wonderland ] [ /dev/pts/5 ] [/var/log]
+    → sudo apt-get install rsyslog -y
+    
+    
+    [ mainpc ] [ /dev/pts/8 ] [~/Nextcloud/blog]
+    → ssh root@192.168.0.100 -i ~/.ssh/torified
+    Enter passphrase for key '/home/nihilist/.ssh/torified':
+    
+    
+    [ mainpc ] [ /dev/pts/8 ] [~/Nextcloud/blog]
+    → ssh root@192.168.0.100 -i ~/.ssh/torified -p 2222
+    Enter passphrase for key '/home/nihilist/.ssh/torified':
+    
+    [ Wonderland ] [ /dev/pts/5 ] [/var/log]
+    → tail -f auth.log | grep "port 22"
+    2024-03-30T19:09:31.673606+01:00 wonderland sshd[252531]: Connection from 192.168.0.61 port 51258 on 192.168.0.100 port 22 rdomain ""
+    2024-03-30T19:09:34.365325+01:00 wonderland sshd[252629]: Connection from 192.168.0.61 port 56804 on 192.168.0.100 port 2222 rdomain ""
+    
+    
+
+Then we install fail2ban to make sure that ssh can't be bruteforced:
+    
+    
+    [ nowhere.moe ] [ /dev/pts/0 ] [~]
+    → apt install fail2ban
+    
+    [ nowhere.moe ] [ /dev/pts/0 ] [~]
+    → systemctl status fail2ban.service
+    ● fail2ban.service - Fail2Ban Service
+         Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: enabled)
+         Active: active (running) since Mon 2023-07-10 21:15:03 CEST; 19s ago
+           Docs: man:fail2ban(1)
+       Main PID: 94740 (fail2ban-server)
+          Tasks: 5 (limit: 77000)
+         Memory: 31.7M
+            CPU: 174ms
+         CGroup: /system.slice/fail2ban.service
+                 └─94740 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
+    
+    Jul 10 21:15:03 Datura systemd[1]: Started fail2ban.service - Fail2Ban Service.
+    Jul 10 21:15:03 Datura fail2ban-server[94740]: 2023-07-10 21:15:03,092 fail2ban.configreader   [94740]: WARNING 'allowipv6' not defined in 'Definition'. Using default one: 'auto'
+    Jul 10 21:15:03 Datura fail2ban-server[94740]: Server ready
+    
+    [ nowhere.moe ] [ /dev/pts/0 ] [~]
+    → cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
+    
+    [ nowhere.moe ] [ /dev/pts/0 ] [~]
+    → vim /etc/fail2ban/jail.local
+    
+    [sshd]
+    enabled = true
+    port = ssh
+    filter = sshd
+    logpath = %(sshd_log)s
+    backend = %(sshd_backend)s
+    maxretry = 3
+    findtime = 300
+    bantime = 3600
+    ignoreip = 127.0.0.1
+    
+    	
+    
+
+Then just restart your fail2ban service
+    
+    
+    [ nowhere.moe ] [ /dev/pts/0 ] [~]
+    → systemctl restart fail2ban	
+    
+    
+
+Then you can test if the ssh bruteforce attempts are being stopped or not:
+    
+    
+    root@web-gw:~# ssh root@116.202.216.190
+    The authenticity of host '116.202.216.190 (116.202.216.190)' can't be established.
+    ED25519 key fingerprint is SHA256:63Qqh42ab1AnK9iN83ZQMfNDTeTjbFFvaUEZSm9OZQI.
+    This key is not known by any other names.
+    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+    Warning: Permanently added '116.202.216.190' (ED25519) to the list of known hosts.
+    root@116.202.216.190's password:
+    Permission denied, please try again.
+    root@116.202.216.190's password:
+    Permission denied, please try again.
+    root@116.202.216.190's password:
+    root@116.202.216.190: Permission denied (publickey,password).
+    root@web-gw:~# ssh root@116.202.216.190
+    root@116.202.216.190's password:
+    Permission denied, please try again.
+    root@116.202.216.190's password:
+    Permission denied, please try again.
+    root@116.202.216.190's password:
+    root@116.202.216.190: Permission denied (publickey,password).
+    root@web-gw:~#
+    root@web-gw:~#
+    root@web-gw:~# ssh root@116.202.216.190
+    ssh: connect to host 116.202.216.190 port 22: Connection refused
+    root@web-gw:~#
+    root@web-gw:~#
+    root@web-gw:~#
+    root@web-gw:~#
+    root@web-gw:~# ssh root@116.202.216.190
+    ssh: connect to host 116.202.216.190 port 22: Connection refused
+    root@web-gw:~#
+    	
+    
+
+And it does! and you can check that in the logs in /var/log/fail2ban.log:
+    
+    
+    [ nowhere.moe ] [ /dev/pts/0 ] [~]
+    → tail -f /var/log/fail2ban.log -n50
+    2023-07-10 21:15:03,108 fail2ban.server         [94740]: INFO    --------------------------------------------------
+    2023-07-10 21:15:03,108 fail2ban.server         [94740]: INFO    Starting Fail2ban v1.0.2
+    2023-07-10 21:15:03,108 fail2ban.observer       [94740]: INFO    Observer start...
+    2023-07-10 21:15:03,110 fail2ban.database       [94740]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
+    2023-07-10 21:15:03,112 fail2ban.database       [94740]: WARNING New database created. Version '4'
+    2023-07-10 21:15:03,112 fail2ban.jail           [94740]: INFO    Creating new jail 'sshd'
+    2023-07-10 21:15:03,227 fail2ban.jail           [94740]: INFO    Jail 'sshd' uses poller {}
+    2023-07-10 21:15:03,227 fail2ban.jail           [94740]: INFO    Initiated 'polling' backend
+    2023-07-10 21:15:03,228 fail2ban.filter         [94740]: INFO      maxLines: 1
+    2023-07-10 21:15:03,236 fail2ban.filter         [94740]: INFO      maxRetry: 5
+    2023-07-10 21:15:03,236 fail2ban.filter         [94740]: INFO      findtime: 600
+    2023-07-10 21:15:03,236 fail2ban.actions        [94740]: INFO      banTime: 600
+    2023-07-10 21:15:03,236 fail2ban.filter         [94740]: INFO      encoding: UTF-8
+    2023-07-10 21:15:03,236 fail2ban.filter         [94740]: INFO    Added logfile: '/var/log/auth.log' (pos = 0, hash = 5d9bc59d7869511dcb6f77cfd4d2ac0f130c748f)
+    2023-07-10 21:15:03,238 fail2ban.jail           [94740]: INFO    Jail 'sshd' started
+    2023-07-10 21:15:03,342 fail2ban.filter         [94740]: INFO    [sshd] Found 219.157.95.77 - 2023-07-10 21:05:51
+    2023-07-10 21:15:03,343 fail2ban.filter         [94740]: INFO    [sshd] Found 219.157.95.77 - 2023-07-10 21:05:53
+    2023-07-10 21:15:03,343 fail2ban.filter         [94740]: INFO    [sshd] Found 141.98.11.113 - 2023-07-10 21:14:27
+    2023-07-10 21:15:03,344 fail2ban.filter         [94740]: INFO    [sshd] Found 141.98.11.113 - 2023-07-10 21:14:30
+    2023-07-10 21:21:38,514 fail2ban.server         [94740]: INFO    Shutdown in progress...
+    2023-07-10 21:21:38,514 fail2ban.observer       [94740]: INFO    Observer stop ... try to end queue 5 seconds
+    2023-07-10 21:21:38,534 fail2ban.observer       [94740]: INFO    Observer stopped, 0 events remaining.
+    2023-07-10 21:21:38,574 fail2ban.server         [94740]: INFO    Stopping all jails
+    2023-07-10 21:21:38,574 fail2ban.filter         [94740]: INFO    Removed logfile: '/var/log/auth.log'
+    2023-07-10 21:21:39,300 fail2ban.actions        [94740]: NOTICE  [sshd] Flush ticket(s) with iptables-multiport
+    2023-07-10 21:21:39,300 fail2ban.jail           [94740]: INFO    Jail 'sshd' stopped
+    2023-07-10 21:21:39,300 fail2ban.database       [94740]: INFO    Connection to database closed.
+    2023-07-10 21:21:39,300 fail2ban.server         [94740]: INFO    Exiting Fail2ban
+    2023-07-10 21:21:39,461 fail2ban.server         [94842]: INFO    --------------------------------------------------
+    2023-07-10 21:21:39,461 fail2ban.server         [94842]: INFO    Starting Fail2ban v1.0.2
+    2023-07-10 21:21:39,461 fail2ban.observer       [94842]: INFO    Observer start...
+    2023-07-10 21:21:39,466 fail2ban.database       [94842]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
+    2023-07-10 21:21:39,467 fail2ban.jail           [94842]: INFO    Creating new jail 'sshd'
+    2023-07-10 21:21:39,556 fail2ban.jail           [94842]: INFO    Jail 'sshd' uses poller {}
+    2023-07-10 21:21:39,556 fail2ban.jail           [94842]: INFO    Initiated 'polling' backend
+    2023-07-10 21:21:39,557 fail2ban.filter         [94842]: INFO      maxLines: 1
+    2023-07-10 21:21:39,565 fail2ban.filter         [94842]: INFO      maxRetry: 3
+    2023-07-10 21:21:39,565 fail2ban.filter         [94842]: INFO      findtime: 300
+    2023-07-10 21:21:39,565 fail2ban.actions        [94842]: INFO      banTime: 3600
+    2023-07-10 21:21:39,565 fail2ban.filter         [94842]: INFO      encoding: UTF-8
+    2023-07-10 21:21:39,566 fail2ban.filter         [94842]: INFO    Added logfile: '/var/log/auth.log' (pos = 378650, hash = 5d9bc59d7869511dcb6f77cfd4d2ac0f130c748f)
+    2023-07-10 21:21:39,566 fail2ban.jail           [94842]: INFO    Jail 'sshd' started
+    2023-07-10 21:25:29,417 fail2ban.filter         [94842]: INFO    [sshd] Found 23.137.250.141 - 2023-07-10 21:25:29
+    2023-07-10 21:25:29,418 fail2ban.filter         [94842]: INFO    [sshd] Found 23.137.250.141 - 2023-07-10 21:25:29
+    2023-07-10 21:25:31,419 fail2ban.filter         [94842]: INFO    [sshd] Found 23.137.250.141 - 2023-07-10 21:25:30
+    2023-07-10 21:25:31,419 fail2ban.filter         [94842]: INFO    [sshd] Found 23.137.250.141 - 2023-07-10 21:25:30
+    2023-07-10 21:25:31,601 fail2ban.actions        [94842]: NOTICE  [sshd] Ban 23.137.250.141
+    
+    
+