User:Anathonous/GentooSoftware

From Gentoo Wiki
Jump to:navigation Jump to:search

Gentoo Software after Fresh Install

Recommended packages

After every base install. These are packages I recommend installing.

Firewall

A firewall is a good thing to have. I find Ufw easy to manage and configure

root #emerge --ask net-firewall/ufw
root #ufw enable
root #rc-update add ufw default
root #ufw allow ssh
root #rc-service ufw start

SSH

Enable sshd

root #rc-update add sshd default

Fail2ban

Install fail2ban and prevent bruteforce ssh attacks

root #emerge --ask net-analyzer/fail2ban

Change your /etc/fail2ban.conf and modify the following lines

maxretry = 3
enabled = true
banaction = ufw
banaction_allports = ufw
[sshd]
enabled  = true
filter = sshd
action = ufw[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/messages
maxretry = 3

Mostly everything else can be disabled in the list. Keep pam auth though. It may complain about there not being a /var/log/messages. If so.

root #touch /var/log/messages

Create /etc/fail2ban/jail.d/sshd.conf

[sshd]
enabled  = true
filter = sshd
action = ufw[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/messages
maxretry = 3

Enable and start fail2ban

root #rc-update add fail2ban default
root #rc-service fail2ban start


If you need assistance don't be afraid to ask.

Retrieved from "https://wiki.gentoo.org/index.php?title=User:Anathonous/GentooSoftware&oldid=922521"