Debian Standard Packages to install afterwards: Difference between revisions

From Edgar BV Wiki
Latest revision as of 05:16, 28 November 2025

standard extra packages

After a standard install of Debian, these packages still need installing:

apt-get install vim mc iproute2 sysstat systune snmpd ncftp fail2ban nscd needrestart ntpdate ntp plocate mutt postfix

Maybe needed, and often a good idea to install:

postfix openssh-server zip unzip bzip2 arj ncftp rsync sshfs

getting email working

possibly needed:

dpkg-reconfigure postfix

Make sure it is set up as a satellite system relaying through mail.edgarbv.com (Ziggo blocks outbound port 25 but allows port 587).

Then on the mail.edgarbv.com server add the domain name to

  /etc/postfix/sender_whitelist

and

  postmap sender_whitelist
  postfix reload

/etc/postfix/main.cf on the satellite server should have the following lines in it:

relayhost = mail.edgarbv.com:587

inet_protocols = ipv4

DNS

Notes: Choose between nscd or pdnsd for DNS caching. nscd can be buggy, pdnsd needs resolvconf

vim-tiny is installed by Debian by default. It is horrible, which is why vim is the first thing we install.

/etc/default/sysstat: turn ENABLED="true"

/etc/default/snmpd: get rid of 127.0.0.1 from SNMPDOPTS (snmpd then listens on every interface, so also restrict who may query it: the community names below, and the firewall)

vi /etc/snmp/snmpd.conf: change the community names

nscd is only useful on servers not running bind themselves

fail2ban

Troubleshooting: https://github.com/fail2ban/fail2ban/wiki/Troubleshooting

After changing configs test the configs with

fail2ban-client -t

or

fail2ban-client -vvvt

When you restart fail2ban, it re-evaluates every IP in its database to see if it still needs to be banned; you will see this in /var/log/fail2ban.log. With 10k banned IPs this can take a long time, and the web server will be slow meanwhile.

Installation

vi /etc/fail2ban/jail.d/defaults-debian.conf

[sshd]
enabled = true

vi /etc/fail2ban/fail2ban.conf

allowipv6 = auto

vi /etc/fail2ban/jail.local (this is where user edits go AND where the jails you enable are listed; the values at the top under [DEFAULT] override jail.conf for all jails and can be overridden again per jail):

[DEFAULT]

ignoreip = 127.0.0.1/8 91.154.222.134 37.252.124.72/24
bantime  = 3d
bantime.increment = true
bantime.multipliers = 1 2 4 8 16 32 64

# Jail for more extended banning of persistent abusers
# !!! WARNINGS !!!
# 1. Make sure that your loglevel specified in fail2ban.conf/.local
#    is not at DEBUG level -- which might then cause fail2ban to fall into
#    an infinite loop constantly feeding itself with non-informative lines
# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
#    to maintain entries for failed logins for sufficient amount of time
[recidive]
enabled = true

[sshd-ddos]
enabled = yes

[proftpd]
enabled  = true

NB don't edit jail.conf - it holds the default definitions for every service; override them in jail.local or in a file under jail.d/ (Debian ships jail.d/defaults-debian.conf)

you can find options in

  man jail.conf

The filters (the failregex patterns each jail matches against its log) are in /etc/fail2ban/filter.d/; the jails themselves are defined in jail.conf.

The log file paths the jails use come from /etc/fail2ban/paths-debian.conf and paths-common.conf
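Before restarting, it is worth checking jail.local and fail2ban.conf against the two recidive warnings above and seeing what bantime.increment actually produces. The Python below is an added example (not the wiki's code and not part of fail2ban): JAIL_LOCAL and FAIL2BAN_CONF are constructed copies of the page's files with both recidive mistakes deliberately present, and the ban schedule assumes the bantime.multipliers semantics from jail.conf(5), i.e. the n-th repeat ban of an IP uses the n-th multiplier and the last multiplier is reused once the list runs out.

```python
"""Sanity-check jail.local and fail2ban.conf before `fail2ban-client restart`.

Added example, not from the wiki page or from fail2ban itself. JAIL_LOCAL and
FAIL2BAN_CONF are constructed to mirror the page's files, with the two mistakes
the recidive comment block warns about deliberately present. The ban-time
schedule assumes the bantime.multipliers semantics from jail.conf(5): the n-th
repeat ban of an IP uses the n-th multiplier, and the last multiplier is reused
once the list is exhausted.
"""
import configparser
import re

JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8 91.154.222.134 37.252.124.72/24
bantime  = 3d
bantime.increment = true
bantime.multipliers = 1 2 4 8 16 32 64

[recidive]
enabled = true

[sshd-ddos]
enabled = yes

[proftpd]
enabled  = true
"""

FAIL2BAN_CONF = """\
[Definition]
loglevel = DEBUG
dbpurgeage = 1d
allowipv6 = auto
"""

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_duration(value):
    """'3d' -> 259200, '6000' -> 6000 (fail2ban accepts bare seconds or s/m/h/d/w)."""
    m = re.fullmatch(r"\s*(\d+)\s*([smhdw]?)\s*", value)
    if not m:
        raise ValueError(f"unparseable duration: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2) or "s"]


def load(text):
    # interpolation=None: fail2ban's own %(name)s references must not be expanded here
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def enabled_jails(jail_local):
    """Jail sections with enabled = true/yes; [DEFAULT] values inherit like in fail2ban."""
    cp = load(jail_local)
    return [s for s in cp.sections() if cp.getboolean(s, "enabled", fallback=False)]


def ban_schedule(jail_local, repeats=7):
    """Seconds an IP is banned on its 1st, 2nd, ... repeats-th ban."""
    cp = load(jail_local)
    base = parse_duration(cp.get("DEFAULT", "bantime"))
    if not cp.getboolean("DEFAULT", "bantime.increment", fallback=False):
        return [base] * repeats
    mults = [int(x) for x in cp.get("DEFAULT", "bantime.multipliers").split()]
    return [base * mults[min(i, len(mults) - 1)] for i in range(repeats)]


def recidive_problems(jail_local, fail2ban_conf, min_dbpurgeage=648000):
    """The recidive preconditions from the page's comment block that are violated."""
    if "recidive" not in enabled_jails(jail_local):
        return []
    fc = load(fail2ban_conf)
    problems = []
    if fc.get("Definition", "loglevel", fallback="INFO").upper() == "DEBUG":
        problems.append("loglevel = DEBUG: recidive would feed on fail2ban's own log lines")
    purge = parse_duration(fc.get("Definition", "dbpurgeage", fallback="1d"))
    if purge < min_dbpurgeage:
        problems.append(f"dbpurgeage = {purge}s is below {min_dbpurgeage}s; repeat offenders are forgotten too early")
    return problems


if __name__ == "__main__":
    print("enabled jails:", ", ".join(enabled_jails(JAIL_LOCAL)))
    print("ban schedule (days):", [s // 86400 for s in ban_schedule(JAIL_LOCAL)])
    for p in recidive_problems(JAIL_LOCAL, FAIL2BAN_CONF):
        print("WARNING:", p)
```

To run it against the live files, have load() call cp.read(['/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.local']) instead of read_string, so the jail.conf defaults are layered underneath jail.local the way fail2ban does it. With the page's values the schedule comes out as 3, 6, 12, 24, 48, 96 and 192 days, and the constructed fail2ban.conf trips both recidive warnings.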

Status information

The following commands will show you the current running status

Sanity check the config files:

  fail2ban-client -t
  fail2ban-client -vvvt

Dump all configs (pipe through grep to see one jail's effective settings):

  fail2ban-client -d
  fail2ban-client -d | grep apache-badbots

Restart and show the running status:

  fail2ban-client restart
  fail2ban-client status
  fail2ban-client status postfix-sasl

To see the status of all the jails in one go, put this in ~/fail2ban-allstatus.sh:

#!/bin/bash
# Print status for all fail2ban jails.
JAILS=($(fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g'))
for JAIL in "${JAILS[@]}"
do
  echo "--------------- 👀  JAIL STATUS: $JAIL ... ---------------"
  fail2ban-client status "$JAIL"
  echo "bantime: $(fail2ban-client get "$JAIL" bantime)"
  echo "findtime: $(fail2ban-client get "$JAIL" findtime)"
  echo "maxretry: $(fail2ban-client get "$JAIL" maxretry)"
  echo "--------------- ... ---------------"
done

https://gist.github.com/ahmadawais/840098791653a4973a84e27b8451469e


The following will tell you what the variables are for a specific jail

  fail2ban-client get postfix-sasl bantime
  fail2ban-client get postfix-sasl findtime
  fail2ban-client get postfix-sasl maxretry


The following will show how the filter matches the log for a specific jail (fail2ban-regex reports matched and missed lines, with the IPs it extracted):

fail2ban-regex /var/log/mail/mail.log postfix-sasl
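What fail2ban-regex reports is only half the story: a match per line does not mean a ban, because maxretry failures have to land inside one findtime window and ignoreip is applied on top. The Python below is an added example (not the wiki's code and not fail2ban's shipped filter): FAILREGEX is a simplified version of the postfix SASL-failure pattern, MAIL_LOG is constructed with documentation-range IPs, the year is assumed to be 2025 because syslog timestamps carry none, IGNOREIP is the page's jail.local value, and the maxretry-within-findtime rule is modelled as a sliding window over each IP's matched failures.

```python
"""Which mail.log lines the postfix-sasl filter would match, and which IPs get banned.

Added example, not the wiki's code and not fail2ban's own filter. FAILREGEX is a
simplified SASL-failure pattern, MAIL_LOG is constructed (documentation IPs),
the year is assumed to be 2025, and IGNOREIP is the page's jail.local value.
"""
import ipaddress
import re
from datetime import datetime, timedelta

IGNOREIP = ("127.0.0.1/8", "91.154.222.134", "37.252.124.72/24")

# Constructed sample: one fast brute force (203.0.113.5), two tries (198.51.100.7),
# five tries spread over 48 minutes (198.51.100.9), five tries from an ignored IP,
# plus a connect line and a successful login that the filter must not match.
MAIL_LOG = """\
Nov 28 05:00:00 mail postfix/smtpd[2200]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:10:01 mail postfix/smtpd[2211]: connect from unknown[203.0.113.5]
Nov 28 05:10:02 mail postfix/smtpd[2211]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:10:04 mail postfix/smtpd[2211]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:10:07 mail postfix/smtpd[2211]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed: authentication failure
Nov 28 05:10:09 mail postfix/smtpd[2211]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed: authentication failure
Nov 28 05:10:12 mail postfix/smtpd[2211]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:11:00 mail postfix/smtpd[2212]: warning: host.example[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:11:30 mail postfix/smtpd[2212]: warning: host.example[198.51.100.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:12:00 mail postfix/smtpd[2201]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:24:00 mail postfix/smtpd[2202]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:36:00 mail postfix/smtpd[2203]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:48:00 mail postfix/smtpd[2204]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:50:00 mail postfix/smtpd[2205]: warning: unknown[91.154.222.134]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:50:10 mail postfix/smtpd[2205]: warning: unknown[91.154.222.134]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:50:20 mail postfix/smtpd[2205]: warning: unknown[91.154.222.134]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:50:30 mail postfix/smtpd[2205]: warning: unknown[91.154.222.134]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:50:40 mail postfix/smtpd[2205]: warning: unknown[91.154.222.134]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 28 05:51:00 mail postfix/smtpd[2206]: 4F3A2B: client=host.example[198.51.100.7], sasl_method=PLAIN, sasl_username=bob
"""

# Simplified stand-in for the postfix-sasl failregex (assumption, not fail2ban's own).
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: warning: "
    r"\S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed"
)


def matches(log_text, year=2025):
    """(timestamp, ip) for every line FAILREGEX matches, i.e. what fail2ban-regex would list."""
    hits = []
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
            hits.append((ts, m.group("ip")))
    return hits


def is_ignored(ip, ignoreip):
    """True if ip falls in any ignoreip entry (bare address or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in ignoreip)


def would_ban(log_text, maxretry=5, findtime=timedelta(minutes=10), ignoreip=IGNOREIP):
    """Sorted IPs with >= maxretry matched failures inside one findtime window, minus ignoreip."""
    per_ip = {}
    for ts, ip in matches(log_text):
        per_ip.setdefault(ip, []).append(ts)
    banned = []
    for ip, stamps in per_ip.items():
        if is_ignored(ip, ignoreip):
            continue
        stamps.sort()
        # sliding window: failures i .. i+maxretry-1 must all fall within findtime
        if any(stamps[i + maxretry - 1] - stamps[i] <= findtime
               for i in range(len(stamps) - maxretry + 1)):
            banned.append(ip)
    return sorted(banned)


if __name__ == "__main__":
    hits = matches(MAIL_LOG)
    total = len(MAIL_LOG.splitlines())
    print(f"Lines: {len(hits)} matched, {total - len(hits)} missed")
    print("would ban:", would_ban(MAIL_LOG))
```

With the constructed log, 17 of 19 lines match but only 203.0.113.5 gets banned: 198.51.100.9 has five failures spread over 48 minutes, so no 10-minute window holds five of them, and 91.154.222.134 is whitelisted by ignoreip. Widening findtime to an hour, or emptying ignoreip, changes the outcome, which is the kind of tuning fail2ban-regex alone does not show you.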

Maybe set destemail in [DEFAULT] too (the address the mail actions report bans to). NB don't edit jail.conf.

Logging goes to /var/log/fail2ban.log

Manually banning a range (and lifting it again):

  fail2ban-client set postfix-sasl banip 81.30.107.0/24
  fail2ban-client set postfix-sasl unbanip 81.30.107.0/24

https://www.howtoforge.com/using-fail2ban-on-debian-12/

monitoring swapfile

crontab entry

  5 * * * *       /home/adm_usr/swapfileuse.sh

/home/adm_usr/swapfileuse.sh

#!/bin/sh
# Script to find out what was using swap at what time
LOGFILE=/var/log/swapuse.log
{
  echo "--------------------------------------------------------------------------------"
  date
  echo "Total swapfile use (MB)"
  free -m | awk '/^Swap:/ { print $3 }'
  echo " "
  # One "Name VmSwap kB" line per process whose VmSwap is non-zero.
  # Compare the whole field, not its tail: grep -v "0 kB" would also drop 10 kB, 120 kB, ...
  for file in /proc/[0-9]*/status ; do
    awk '/^Name:/ { name = $2 } /^VmSwap:/ { if ($2 != 0) print name, $2, $3 }' "$file" 2>/dev/null
  done
} >> "$LOGFILE"
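The raw per-process dump above is unsorted, so finding the culprit in a long log is tedious. The Python below is an added example (not the wiki's script) that does the same /proc/<pid>/status parsing and returns the swap users sorted largest first; STATUS_FILES is a constructed stand-in for the /proc tree, including a kernel thread without a VmSwap field and a 120 kB entry that a naive "0 kB" filter would have dropped. Running it directly reads the live /proc.

```python
"""Who is using swap: parse /proc/<pid>/status and rank processes by VmSwap.

Added example, not the wiki's script. STATUS_FILES stands in for /proc/*/status
(constructed contents); read_proc() snapshots the real tree when run directly.
"""
import glob

STATUS_FILES = {
    "1": "Name:\tsystemd\nPid:\t1\nVmSwap:\t    0 kB\n",
    "42": "Name:\tkswapd0\nPid:\t42\n",                        # kernel thread: no Vm* fields
    "812": "Name:\tpostfix\nPid:\t812\nVmSwap:\t  120 kB\n",   # would vanish under grep -v "0 kB"
    "913": "Name:\tmariadbd\nPid:\t913\nVmSwap:\t 40960 kB\n",
    "1200": "Name:\tapache2\nPid:\t1200\nVmSwap:\t 3072 kB\n",
}


def parse_status(text):
    """Return (name, swap_kb) from one status file; swap_kb is None if the field is absent."""
    name, swap = None, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Name":
            name = value.strip()
        elif key == "VmSwap":
            swap = int(value.split()[0])   # "   120 kB" -> 120
    return name, swap


def swap_users(status_files, min_kb=1):
    """[(swap_kb, pid, name)] for processes swapped out at least min_kb, biggest first."""
    rows = []
    for pid, text in status_files.items():
        name, swap = parse_status(text)
        if swap is not None and swap >= min_kb:
            rows.append((swap, int(pid), name))
    return sorted(rows, reverse=True)


def read_proc():
    """Snapshot the live /proc tree; processes may exit between glob and read."""
    files = {}
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                files[path.split("/")[2]] = fh.read()
        except OSError:
            continue
    return files


if __name__ == "__main__":
    for swap, pid, name in swap_users(read_proc()):
        print(f"{swap:>10} kB  {pid:>7}  {name}")
```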


might need apt-get install resolvconf but I don't like it much

obsolete

vi /etc/denyhosts.conf

set PURGE_DENY = 1w and ADMIN_EMAIL = red@email.com and SMTP_FROM = Denyhosts $machinename <nobody@localhost>

Also, if a host keeps getting denied, you can stop it from going in the /etc/hosts.deny file by putting the IP address into a line in /var/lib/denyhosts/allowed-hosts

packages: hal atsar iproute