Lab 20: Hardening

 

Objective

To get experience hardening a Linux server.

For this lab, you'll get experience setting up three hardening tools: fail2ban, ufw, and aide. For each, you'll install and configure the tool, and turn in a couple of screenshots showing what you've done.


 

Part 1: fail2ban

  1. Install fail2ban and make sure it is enabled and started.
  2. Monitor the log file until someone has been banned. This will probably happen within a few minutes, but if not, you can log in with an incorrect password a few times to trigger it.
  3. Include a screenshot of the log showing the banned IP in your submission for this lab.
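
When the log gets busy, it helps to reduce it to the addresses that are still banned. The script below is an added example, not part of the original lab: it reads fail2ban log text and prints the addresses whose latest event in a jail is a Ban. The log lines are constructed samples, and /var/log/fail2ban.log is assumed to be the log location.

```shell
#!/bin/sh
# Added example: list the addresses a fail2ban jail currently has banned,
# working only from log text.

# Constructed sample in the layout fail2ban writes to its log file.
# Addresses come from the RFC 5737 documentation ranges.
sample_log() {
cat <<'EOF'
2024-05-01 10:02:11,412 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:02:11
2024-05-01 10:02:14,120 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 10:05:40,003 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.23
2024-05-01 10:12:14,551 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.7
2024-05-01 10:20:02,310 fail2ban.actions        [812]: WARNING [sshd] 198.51.100.23 already banned
2024-05-01 10:31:09,877 fail2ban.actions        [812]: NOTICE  [sshd] Restore Ban 192.0.2.44
2024-05-01 10:40:00,100 fail2ban.actions        [812]: NOTICE  [apache-auth] Ban 192.0.2.99
EOF
}

# banned_now [JAIL]: read log lines on stdin and print every address whose
# most recent Ban/Unban event in JAIL (default: sshd) is a Ban.
banned_now() {
  awk -v jail="[${1:-sshd}]" '
    $3 == "fail2ban.actions" {
      for (i = 4; i <= NF - 2; i++) {
        if ($i != jail) continue
        a = i + 1
        if ($a == "Restore") a++   # "Restore Ban": ban re-applied after a restart
        if ($a == "Ban" || $a == "Unban") state[$(a + 1)] = $a
        break
      }
    }
    END { for (ip in state) if (state[ip] == "Ban") print ip }
  ' | LC_ALL=C sort
}

# Demo on the constructed sample. On a real host, feed it the log instead:
#   sudo cat /var/log/fail2ban.log | banned_now sshd
sample_log | banned_now sshd
```
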

 

Part 2: ufw

  1. Install ufw and then enable and start it.
  2. Add rules to unblock SSH, HTTP, and HTTPS access.
  3. Run the sudo ufw status command and put its output into the submission.

 

Part 3: aide

  1. Install aide.
  2. Configure it, being sure to include a configuration line removing /home from the database.
  3. Create the initial database for your system files.
  4. Perform a check on the database, which should report no changes.
  5. Install any package. If you're not sure what to install, sl, the "steam locomotive", is always a good choice. Then run the check again, which should now show that files have been added.
  6. Turn in screenshots of the two check commands.

 

Submitting

Submit your file containing the screenshots for the three parts in Canvas.