Add a User to the Sudoers group

If you have ever seen this message when issuing the sudo command, it probably gave you some pause. What am I being reported for?

Username is not in the sudoers file. This incident will be reported.

In reality, you probably just forgot one important step: adding your user to the sudoers group. This can be cleared up easily with one quick command. Remember, this is a privileged command, so be logged in as root!

Shell

Now that you have added your user to the sudoers group, it is time to test to make sure it works. The following code will execute whoami with the sudo command and the reply will tell you who the operating system thinks you are.

Shell

For various security reasons it is not good to run your Linux system as root all of the time, so sudo is your friend. As tempting as it is to stay logged in as root, get into the habit of elevating your privileges with sudo instead.


How to install Fail2ban on Debian 9 Stretch


What is Fail2Ban?

Fail2Ban is an application that runs as a service on your Linux system. Fail2Ban monitors your Linux system for malicious activity like brute force login attempts. In this day and age the internet is scanned in its entirety quite often. It is not uncommon to expose a new Linux installation to the internet and start getting login attempts within minutes. These bots, as they are called, attempt logins at a predefined rate until they are successful or they are blocked. Fail2Ban can monitor SSH and many more services. Offending hosts can be jailed for an amount of time, or permanently.

Prerequisites:

  • A Debian 9 (stretch) installation
  • Logged in as root, or preface all commands with sudo
  • An idea of how long you want your ban and retry settings

Step 1: Update your installation

First things first: we will update apt and upgrade any packages.

Shell

Step 2: Install Fail2ban

Shell

Step 3: Tweak your configuration

In /etc/fail2ban/jail.conf you will find the following settings, which you will need to tweak to your needs.

Shell
/etc/fail2ban/jail.conf

Let's talk about these settings for a minute.

bantime – This is how long a server is banned in seconds. Personally I up this number greatly. I do not want bots bombarding my server. Once they get banned, personally I would rather just let them stay banned.

findtime – This one may be okay for default, or you may want to up it some. Bots know the defaults, so they like to slow their attempts to match these settings, hoping to get by the fail2ban defaults.

maxretry – Remember, this is the number of retries within the findtime, so the default is 5 tries in 10 minutes.

For more detail on the settings, there is a good article here on blocking persistent threats.
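To see how findtime and maxretry interact, here is an added example (not from the original post and not Fail2Ban's own code): a simplified sliding-window model run over constructed auth.log-style lines. The function names, the sample IPs (documentation ranges) and the year prepended to the timestamps are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the failed-password line sshd writes to auth.log (timestamp, source IP).
FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port"
)

def sample_log(ip, every_seconds, attempts):
    """Build constructed log lines: one failed login from ip every N seconds."""
    start = datetime(2024, 3, 3, 10, 0, 0)
    return [
        f"{(start + timedelta(seconds=i * every_seconds)):%b %d %H:%M:%S} host "
        f"sshd[1234]: Failed password for invalid user admin from {ip} port 40000 ssh2"
        for i in range(attempts)
    ]

def banned_ips(lines, findtime, maxretry):
    """Return {ip: seconds between its first failure and the moment a ban triggers}."""
    recent = defaultdict(deque)  # ip -> failure times still inside the findtime window
    first_seen, banned = {}, {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m.group(2) in banned:
            continue
        # Syslog timestamps carry no year; one is assumed here so they parse cleanly.
        ts = datetime.strptime("2024 " + m.group(1), "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        first_seen.setdefault(ip, ts)
        window = recent[ip]
        window.append(ts)
        # Forget failures that are older than findtime seconds.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = int((ts - first_seen[ip]).total_seconds())
    return banned

# Constructed traffic: a fast bot (every 10 s) and a slow bot (every 180 s).
LOG = sample_log("203.0.113.10", 10, 6) + sample_log("198.51.100.20", 180, 8)

if __name__ == "__main__":
    print("findtime=600 :", banned_ips(LOG, findtime=600, maxretry=5))
    print("findtime=3600:", banned_ips(LOG, findtime=3600, maxretry=5))
```

With the default 5 tries in 10 minutes, only the fast bot is caught; raising findtime to an hour also catches the slow one on its fifth attempt.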

Step 4: Restart fail2ban

Shell

You can also check the status at any time with the status command.

Shell
