Disable Root Logins Over SSH
$ sudo vi /etc/ssh/sshd_config
Make sure PermitRootLogin is changed from yes to no
PermitRootLogin no
Install fail2ban
Fail2ban is an intrusion-prevention system that monitors log files and searches for particular patterns that correspond to a failed login attempt. If a certain number of failed logins are detected from a specific IP address (within a specified amount of time), fail2ban blocks access from that IP address.
sudo apt-get install fail2ban
sudo vi /etc/fail2ban/jail.local
Add following in the new file
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
Run
sudo systemctl restart fail2ban
No comments:
Post a Comment