I, recently, started running a Lemmy instance. I am, also, new to Linux servers.

At the advisement of some tech acquaintances, I’ve installed UnnattendedUpgrades and Fail2ban.

What would you recommend?

  • southerntofu
    link
    fedilink
    arrow-up
    5
    arrow-down
    1
    ·
    3 years ago

    i personally don’t recommend fail2ban: it’s a good way to lock yourself out of your own server but will probably not protect you from any attacks.

    for protection unattended upgrades (like you have) and disabling SSH password auth (PasswordAuthentication no in /etc/ssh/sshd_config) is the best you can do.

    also i’ve never run a lemmy instance but make sure the database isn’t reachable from the internet, only from localhost :)

    • krolden
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      3 years ago

      If you get locked out by your own fail2ban rules then you’ve probably forgotten your password.

      Not to mentionyoull probably be able to get control back using your hosts console.

      • southerntofu
        link
        fedilink
        arrow-up
        1
        ·
        3 years ago

        sure sure it’s just fail2ban doesn’t just apply to SSH and can get your IP banned if you typo on your password on some web service… and from there you can’t SSH into the server to fix the problem ;) ;)

        • krolden
          link
          fedilink
          arrow-up
          2
          ·
          3 years ago

          Yeah if you dont configure it properly. Ive never actually know anyone get locked out by fail2ban