Is your home or small business Linux secure?
Good sysadmins know many ways to secure their Linux systems, but often home, hobby, and small business users don't put enough emphasis on security. Good security doesn't put all its eggs in one basket. It's a layered, integrated system of software and behaviour.
A common mistake is for people to just activate a firewall and call it a day.
One of the tools in my security toolbox is fail2ban. I use it on everything from personal systems to Enterprise servers. It's a simple tool conceptually. It monitors the services you choose for failed access attempts and bans the IP address making the attempt. This is important for stopping brute force attacks. Alone it's not good security, but as part of a larger security system and plan, it's a great tool.
One tip is not to jump straight in with permanent bans; use timed bans where appropriate. For example, ssh is a particularly bad service to perma-ban because it's all too easy to lock yourself out accidentally.
Read the docs and figure out your ban options and how fail2ban works. Used properly it's very powerful. Used wrong it can do more harm than good.
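As an added illustration of the timed-ban tip (not part of the original post), here is a minimal jail.local for ssh with the permanent-ban setting shown only as a comment. The thresholds and the 203.0.113.10 admin address are assumptions; substitute your own.

```ini
# /etc/fail2ban/jail.local
# Local overrides; leave the distribution's jail.conf untouched.

[DEFAULT]
# Sources that are never banned. 203.0.113.10 is a constructed
# placeholder for the address you administer the machine from.
ignoreip = 127.0.0.1/8 ::1 203.0.113.10

# Ban an address after 5 failures seen within 10 minutes (values in seconds).
findtime = 600
maxretry = 5

# Timed ban: one hour, after which the address is released automatically.
bantime = 3600

[sshd]
enabled = true
# What to avoid on ssh: a negative bantime is a permanent ban, so a few
# mistyped passwords from your own address would lock you out for good.
# bantime = -1
bantime = 3600

[recidive]
# Watches fail2ban's own log and gives repeat offenders a longer,
# but still timed, ban: one week for 5 bans within one day.
enabled = true
findtime = 86400
maxretry = 5
bantime = 604800
```

After restarting fail2ban, `fail2ban-client status sshd` lists the currently banned addresses, and `fail2ban-client set sshd unbanip <IP>` releases one early.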
Anyway, take a look at fail2ban and don't let the app's crappy website put you off. Google it, look for good tutorials, and give it a shot. It should be in the default repository of most Linux distributions so installation should be simple.
#Sysadmin #linux #security
http://www.fail2ban.org/wiki/index.php/Main_Page
I've been using it for years. It's a great and easy to implement tool.