Include CyberSecurity
Home
An Increase in Cyberwarfare Looking for an Apartment?
Resources E-mail
Getting Started Redirect HTTP to HTTPS
pwned Password Database
About
Fedora Server - Getting Started!

Date:   Wednesday, November 24, 2021
Author:   ICS Admin

If you have decided to launch a server, either a VPS (Virtual Private Server) or attaching your box directly to the internet, you must lock it down immediately.

The server will experience numerous attacks within the first few moments that it is connected to the internet. This is because bots are just going through IP addresses trying to find a victim. In several tests, this particular server received fifty (50) to over four hundred (400) attempts on the SSH protocol (port 22) in a matter of minutes.

To minimize your server being compromised before you even do your first update, lock it down!

The following steps assume you know how to use ssh, nano (or vi) and are comfortable issuing firewall-cmd commands. Windows users could use the Ubuntu Subsystem for ssh and then use Notepad++ and WinSCP.

Steps
  1. ssh into your server   ssh root@server-ip-address

  2. Go to /etc/firewalld/zones

  3. If you know your active Zone, edit it. In my experience, the default active zone has been FedoraServer.xml for some time.

    4. edit FedoraServer.xml

    To determine your active zone, type in the terminal window: firewall-cmd --get-active-zones

  4. If installed, remove the line containing cockpit-xxxxxx   Linode.com users will find this installed as part of the base image.

  5. Next, you want to lock out all IP addresses connecting to your server, except your own, on the ssh port. The IP address you add here will be the only one that can access the server. Sadly, the last time I looked, you could not add more than one IP address.

    6. <icmp-block-inversion/>
    <rule family="ipv4">
    <source address="your.personal_computer's.ip.address" invert="True"/>
    <service name="ssh"/>
    <reject/>
    </rule>

  6. Save FedoraServer.xml

  7. Restart the firewalld daemon: systemctl restart firewalld

  8. It doesn't hurt to check that the firewall is running correctly: systemctl status firewalld


Above, I mentioned that Cockpit is not needed. It is just another point of entry that you will most likely not monitor. And, I see no advantages in using it.

To finish uninstalling Cockpit, use the following commands:
  1. systemctl status cockpit .... check to see if it is running

  2. systemctl stop cockpit ... stop the service if it is running

  3. systemctl disable cockpit