Docs
Securing your instance using fail2ban and ufw
Last Updated: 2022-06-14When ordering a server on DataCrunch.io, you might want to look into securing your instance.
We will install and configure fail2ban & ufw. This guide assumes you are logged in as a non-root user. If logged in as root, you do not need to prepend the commands with 'sudo'.
sudo apt updatesudo apt install fail2bansudo apt install ufwsudo ufw allow sshsudo ufw enableFail2ban will block IP addresses which continuously attempt to connect to your machine in the hopes of finding a weak password for example.
Ufw is a firewall management tool, which will block access to all ports unless otherwise specified.
In case you want to run a service like Jupyter notebook you will need to open up a port for that as well. The default port for Jupyter notebook is 8888;
sudo ufw allow 8888That's all! Your VPS is now equipped with a firewall and basic protection against automated machines trying to break in. Check your firewall status and fail2ban status with respective commands:
sudo ufw statussudo fail2ban-client statussudo fail2ban-client status sshdYou might be surprise how many bad actors are trying to obtain access to your server!