Three door security for your Linux: Firewall, knockd, fail2ban
Security is always a concern in today's world: your house, your car, and your server. I do not know about your house or car, but I can give some advice on implementing a really good security system using three doors that an intruder will have to pass through in order to gain access to your system.
First we will use a script I found on the Internet a long time ago, which implements a really good firewall using iptables; then we will have knockd open the firewall when we want to enter; and finally we will have fail2ban, so that if the intruder discovers our knockd combination, this last step makes it really difficult to guess our password.
This is somewhat a compilation of other posts I have written before; I will summarize them here and make small changes so they work together for a web server configuration. You can tweak it to work in other scenarios.
Let's start with the iptables script.
- Get the code: download the firewall iptables script.
- Edit it and change only one line. As this example is for a web server, I will only open TCP port 80, so search for this line:

PERMIT=""

And change it to this:
Now open /etc/knockd.conf and change this line:

command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

to this:

command = /usr/sbin/iptables -I INPUT 3 -s %IP% -p tcp --dport 22 -j ACCEPT

This is because we need to insert the rule into our firewall rather than append it at the end: iptables evaluates the chain from top to bottom and stops at the first match, so an ACCEPT rule appended after the firewall's blocking rules would never be reached.
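The ordering point above, as an added example that is not part of the original post: a small POSIX shell emulator of a first-match chain (the base rules, the addresses 203.0.113.5 and 198.51.100.7, and the use of position 3 are all constructed for illustration, and nothing here calls the real iptables) showing that the ACCEPT rule knockd adds only takes effect when it lands ahead of the chain's catch-all DROP.

```shell
#!/bin/sh
# Added example, not code from the original post: a minimal first-match emulator
# of an iptables INPUT chain, used to show why the knockd command has to insert
# its ACCEPT rule (-I INPUT 3) instead of appending it (-A INPUT) to a chain that
# ends in a catch-all DROP. Rules, addresses and positions are constructed for
# illustration; nothing here touches the real netfilter tables.

# One rule per line: "<source> <dport> <target>", where "*" matches anything.
# This base chain stands in for what a restrictive firewall script leaves behind:
# loopback allowed, web traffic allowed, everything else dropped.
BASE_CHAIN='127.0.0.1 * ACCEPT
* 80 ACCEPT
* * DROP'

# Walk the chain top to bottom and print the target of the first matching rule,
# the way netfilter does; "POLICY" means no rule matched.
evaluate() {
    chain=$1 src=$2 dport=$3
    printf '%s\n' "$chain" | awk -v src="$src" -v dport="$dport" '
        ($1 == "*" || $1 == src) && ($2 == "*" || $2 == dport) { print $3; hit = 1; exit }
        END { if (!hit) print "POLICY" }'
}

# Like "iptables -A INPUT <rule>": the new rule goes at the end of the chain.
append_rule() {
    printf '%s\n%s\n' "$1" "$2"
}

# Like "iptables -I INPUT <pos> <rule>": the new rule becomes rule number <pos>
# and everything from that position down shifts by one.
insert_rule() {
    printf '%s\n' "$1" | awk -v rule="$2" -v pos="$3" '
        NR == pos { print rule }
        { print }
        END { if (pos == NR + 1) print rule }'
}

# What knockd's %IP% expands to after a valid knock sequence (constructed address).
KNOCK_RULE='203.0.113.5 22 ACCEPT'

# Stock knockd.conf behaviour: appended after the final DROP, so never reached.
appended=$(append_rule "$BASE_CHAIN" "$KNOCK_RULE")
# The post's change: inserted as rule 3, ahead of the catch-all DROP.
inserted=$(insert_rule "$BASE_CHAIN" "$KNOCK_RULE" 3)

verdict_appended() { evaluate "$appended" 203.0.113.5 22; }   # DROP
verdict_inserted() { evaluate "$inserted" 203.0.113.5 22; }   # ACCEPT
verdict_stranger() { evaluate "$inserted" 198.51.100.7 22; }  # DROP: only the knocking host gets in
verdict_web()      { evaluate "$inserted" 198.51.100.7 80; }  # ACCEPT: port 80 stays open to all

printf 'appended (-A): ssh from knocking host -> %s\n' "$(verdict_appended)"
printf 'inserted (-I 3): ssh from knocking host -> %s\n' "$(verdict_inserted)"
printf 'inserted (-I 3): ssh from other host   -> %s\n' "$(verdict_stranger)"
printf 'inserted (-I 3): http from other host  -> %s\n' "$(verdict_web)"
```

The position passed to -I has to sit above the blocking rules of the particular script you use; run `iptables -L INPUT --line-numbers` once after the script has loaded to confirm where the catch-all rule actually is, because an ACCEPT inserted below it is just as useless as an appended one.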
Now enable all daemons.
Tip: to make the firewall start automatically, you can also run the script for the first time and then run this command on Debian or Ubuntu:
On Arch Linux:
Now make sure you have iptables, knockd, and fail2ban running. It worked for me; if you have any problems or suggestions, please use the comments.