Menu Close

Basic Linux Hardening

Very basic tweaks to improve security at home.
UFW (Uncomplicated Firewall)
Basic setup and rules:
Install the ufw package via. your package manager (gufw is the graphical interface for ufw.)

sudo ufw limit 22/tcp
#rate limit ssh attempts with a period of time.
sudo ufw allow 80/tcp
#enable http.
sudo ufw allow 443/tcp
#enable TLS/SSL connections for http and some home media.
sudo ufw default deny incoming
#deny incoming connections by default
sudo ufw default allow outgoing
#allow outgoing connections by default
sudo ufw enable
#enable ufw

Fail2ban (bans IPs that fail repeated connection attempts)
Install the fail2ban package via. your package manager.

sudo systemctl enable fail2ban
#set fail2ban to start at boot
sudo systemctl start fail2ban
#start fail2ban on current session