This guide covers the installation and configuration of two essential Linux security tools: Fail2ban and RKHunter.
Both tools work together to enhance your server's security.
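Install Fail2ban on Debian/Ubuntu:
sudo apt update
sudo apt install fail2ban
Install Fail2ban on RHEL-compatible distributions (the package comes from the EPEL repository):
sudo dnf install epel-release
sudo dnf install fail2ban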
Copy the default configuration file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Edit the jail.local file:
sudo vi /etc/fail2ban/jail.local
Example configuration for SSH:
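[sshd]
enabled = true
port = ssh
# Debian/Ubuntu log location; RHEL-compatible systems write SSH authentication events to /var/log/secure
logpath = /var/log/auth.log
# Failed attempts allowed before an address is banned
maxretry = 5
# Ban duration in seconds (one hour)
bantime = 3600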
Restart Fail2ban:
sudo systemctl restart fail2ban
Check the status of Fail2ban:
sudo fail2ban-client status
View details for a specific jail:
sudo fail2ban-client status sshd
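The [sshd] jail configured above bans an address once it reaches maxretry failed logins inside Fail2ban's counting window. The script below is an added example, not part of the original guide and not Fail2ban's own code: it counts failed SSH passwords per source in syslog-format lines so you can see which addresses that threshold would catch. FINDTIME, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
MAXRETRY=5     # maxretry from the [sshd] jail in this guide
FINDTIME=600   # assumption: counting window in seconds (not set in this guide)

# Print "IP count" for each source with at least MAXRETRY failed SSH
# passwords inside one FINDTIME window. Reads syslog-format lines on stdin
# and compares time of day only, so feed it lines from a single day.
ban_candidates() {
    awk -v max="$MAXRETRY" -v win="$FINDTIME" '
    /sshd/ && /Failed password/ {
        split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
        ip = ""    # the address follows the last "from" on the line
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        n[ip]++; stamp[ip, n[ip]] = now
        if (!(ip in first)) first[ip] = 1
        # Drop failures that have aged out of the window.
        while (now - stamp[ip, first[ip]] > win) first[ip]++
        inwin = n[ip] - first[ip] + 1
        if (inwin > peak[ip]) peak[ip] = inwin
    }
    END { for (ip in peak) if (peak[ip] >= max) print ip, peak[ip] }' | sort
}

# Constructed sample lines (documentation address ranges), not real logs.
sample_log() {
    cat <<'EOF'
Jan 10 03:00:01 web1 sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jan 10 03:00:05 web1 sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jan 10 03:00:09 web1 sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jan 10 03:00:14 web1 sshd[1004]: Failed password for root from 203.0.113.7 port 40002 ssh2
Jan 10 03:00:20 web1 sshd[1004]: Failed password for root from 203.0.113.7 port 40002 ssh2
Jan 10 03:01:00 web1 sshd[1002]: Failed password for invalid user admin from 198.51.100.23 port 50010 ssh2
Jan 10 03:20:00 web1 sshd[1005]: Failed password for invalid user admin from 198.51.100.23 port 50011 ssh2
Jan 10 03:40:00 web1 sshd[1006]: Failed password for invalid user admin from 198.51.100.23 port 50012 ssh2
Jan 10 04:00:00 web1 sshd[1007]: Failed password for invalid user admin from 198.51.100.23 port 50013 ssh2
Jan 10 04:20:00 web1 sshd[1008]: Failed password for invalid user admin from 198.51.100.23 port 50014 ssh2
Jan 10 03:02:00 web1 sshd[1003]: Accepted password for deploy from 192.0.2.10 port 50100 ssh2
EOF
}

sample_log | ban_candidates   # prints: 203.0.113.7 5
```

A source that spaces its attempts more than FINDTIME apart, like 198.51.100.23 in the sample, never reaches the threshold, which is the trade-off to weigh when tuning the jail.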
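Install RKHunter on Debian/Ubuntu:
sudo apt update
sudo apt install rkhunter
Install RKHunter on RHEL-compatible distributions (the package comes from the EPEL repository):
sudo dnf install epel-release
sudo dnf install rkhunter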
Update the RKHunter database:
sudo rkhunter --update
Run a system check:
sudo rkhunter --check
View the scan report: The results are displayed directly in the terminal. Look for warnings that require attention.
Set up a daily cron job to run RKHunter:
sudo crontab -e
Add the following line:
0 3 * * * /usr/bin/rkhunter --check --skip-keypress
Both tools can work together:
You can use Ansible to automate the setup and configuration of both tools.
Fail2ban and RKHunter are powerful tools to secure your Linux server. Using them together provides both real-time protection and periodic security audits. For a fully automated setup, use the provided Ansible role.