bookmark_borderInstalling Linux kernel 6.0 on Ubuntu 22.10

Hello,

In this week’s feature highlight, we look at How to Install Linux kernel 6.0 on Ubuntu 22.10

Kernel is central component of an operating system that manages operations of computer and hardware. It basically manages operations of memory and CPU time. It is core component of an operating system. Kernel acts as a bridge between applications and data processing performed at hardware level using inter-process communication and system calls.

Step 1 – Update your system

First, Update the system packages to the latest versions using the below apt commands,

 apt update
 apt upgrade

Install some of the packages required for the Kernel upgrade,

 apt install gcc make perl wget

Step 2 – Installing Linux Kernel 6.0

By default on Ubuntu 22.10, The kernel version it ships with is version 5.19

Linux Kernel 6.0 is not available on Ubuntu 22.10 base repository. So we will manually download the required Linux Kernel packages from the official site and install.

You can check their official site for a list of available kernel versions that can be installed, kernel.ubuntu.com.

At the time of writing this article, version 6.0.9 was the only latest kernel we could install with.

If you find any newer versions that can be installed, please go ahead with it.

Some points to note, for selecting a different version of kernel.
Open the site kernel.ubuntu.com and scroll to the bottom of the page.
Find a version whose builds are successful, under that, navigate to “amd64” folder.
You will find the required four files to download on the ubuntu system, Linux Headers, Linux Image and Linux Modules.
A successful build looks like below:

Test amd64/build succeeded (rc=0, on=amd64, time=0:12:37, log=amd64/log)
amd64/linux-headers-6.0.9-060009-generic_6.0.9-060009.202211161102_amd64.deb
amd64/linux-headers-6.0.9-060009_6.0.9-060009.202211161102_all.deb
amd64/linux-image-unsigned-6.0.9-060009-generic_6.0.9-060009.202211161102_amd64.deb
amd64/linux-modules-6.0.9-060009-generic_6.0.9-060009.202211161102_amd64.deb

For upgrading to the latest kernel on Ubuntu, follow the given instructions:

wget https//:kernel.ubuntu.com/~kernel-ppa/mainline/v6.0.9/amd64/linux-headers-6.0.9-060009_6.0.9060009.202211161102_all.deb

wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v6.0.9/amd64/linux-headers-6.0.9-060009-generic-6.0.9060009.202211161102_amd64.deb

wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v6.0.9/amd64/linux-image-unsigned-6.0.9-060009-generic_6.0.9060009.202211161102_amd64.deb

wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v6.0.9/amd64/linux-modules-6.0.9-060009-generic_6.0.9060009.202211161102_amd64.deb

Now, install the downloaded files using the dpkg command as shown below,

Ensure that there are no other .deb files apart from the ones that were downloaded.
If there are any other .deb files, recommended to remove them before proceeding.

dpkg -i *.deb

After installing the Linux Kernel 6.0, reboot the system to run the new Kernel

reboot

Step 3 – Verify the Kernel version

To verify the kernel installed and running after the reboot, use the uname command as shown below,

uname -r

Output:

root@vps:~# uname -r
6.0.9-060009-generic

This concludes the topic of installing the latest version of Kernel on a Ubuntu System.

bookmark_borderJanuary 2023 CentOS Templates Updated for KVM

Greetings, As part of our commitment to provide you with the latest and most ready-to-use service, we’ve updated the following templates for CentOS 7, CentOS 8-Stream, and CentOS 9-Stream.

This template update process ensures that any new VPS deployed will come along with the latest available packages so you don’t have to spend time running a large initial update.

As always, any existing VPS can be updated at any time by the user, you may follow our guide for the steps required to update your VPS, Click here.

If you require any assistance at any time, please feel free to contact our support team via the client area and we’ll help you out.

Follow us on CrownCloud BlogTwitter, and Facebook for updates regarding current offers and other updates.

Stay tuned for more! – Team CrownCloud

bookmark_borderAlmaLinux Templates Updated for KVM Plans

Greetings,

As part of our commitment to providing you with the latest and most ready-to-use service, we’ve updated our AlmaLinux Templates for AlmaLinux 8 and AlmaLinux 9.

This template update process ensures that any new VPS deployed will come along with the latest available packages so you don’t have to spend time running a large initial update.

As always, any existing VPS can be updated at any time by the user, you may follow our guide for the steps required to update your VPS, Click here.

If you require any assistance at any time, please feel free to contact our support team via the client area and we’ll help you out.

Follow us on the CrownCloud BlogTwitter, and Facebook for updates regarding current offers and other updates.

Stay tuned for further updates!

Team CrownCloud

bookmark_borderJanuary 2023 Rocky Linux Templates Updated for KVM

Greetings,

As part of our commitment to providing you with the latest and most ready-to-use service, we’ve updated the Rocky Linux Templates for Rocky Linux 8 and Rocky Linux 9.

This template update process ensures that any new VPS deployed will come along with the latest available packages so you don’t have to spend time running a large initial update.

As always, any existing VPS can be updated at any time by the user, you may follow our gfuide for the steps required to update your VPS, Click here.

If you require any assistance at any time, please feel free to contact our support team via the client area and we’ll help you out.

Follow us on CrownCloud BlogTwitter, and Facebook for updates regarding current offers and other updates.

Stay tuned for further updates!

Team CrownCloud

bookmark_borderJanuary 2023 ISOs Updated for KVM-Based Plans.

As part of our commitment to ensuring the latest operating system images are available for your usage, we have updated the ISOs for the following operating system images,

  • AlmaLinux 8/9
  • Rocky Linux 8/9
  • CentOS 7, 8-Stream, 9-Stream
  • Ubuntu 20.04, 21.04, 21.10, 22.04, 22.10
  • Archlinux x86_64
  • Debian 10/11 amd64
  • Fedora 36/37 x86_64
  • FreeBSD 12 amd64
  • gParted
  • GRML full
  • Netboot.xyz
  • SystemRescue CD
  • VirtIO Drivers

As always, any existing VPS can be updated at any time by the user, you may follow our guide for the steps required to update your VPS, Click here.

If you require any assistance at any time, please feel free to contact our support team via the client area and we’ll help you out.

Follow us on CrownCloud BlogTwitter, and Facebook for updates regarding current offers and other updates.

Stay tuned for further updates!

Team CrownCloud

bookmark_borderHow To Install and Configure Elasticsearch on Ubuntu 22.10

Hello,

In this week’s feature highlight, we look at How To Install and Configure Elasticsearch on Ubuntu 22.10

Elasticsearch is a platform for real-time, distributed data analysis. Because of its usability, potent features, and scalability, it is a well-liked option. Installing Elasticsearch, configuring it for your use case, securing your installation, and beginning to work with your Elasticsearch server.

First, check for any pending system upgrade

Let’s update software packages first. To perform updates, run the following command:

apt update
apt dist-upgrade

Install the APT HTTPS Transport package, with the following command,

apt install apt-transport-https

Install from APT Repository

Download and install the public signing key:

Wget -qo - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

To Save the repository definition to

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

Install Elasticsearch on Ubuntu 22.10

apt install elasticsearch

During the installation, you will be provided with the elastic superuser password. Kindly note it down for future usage.

Update Firewall Settings

Allow port 9200 for Elasticsearch by running the following ufw command

ufw allow from <yourserver.ip.address> to any port 9200

Enable the firewall service:

ufw enable

Next, view firewall service status:

ufw status

Configuring Elasticsearch

Let us configure Elasticsearch, we will edit its main configuration file elasticsearch.yml, which contains the majority of its configuration options. This file is located in the directory /etc/elasticsearch.

Edit the Elasticsearch configuration file with your preferred text editor. We’ll use nano in this case:

nano /etc/elasticsearch/elasticsearch.yml

Note: Elasticsearch’s configuration file is in YAML format, which means that we need to maintain the indentation format. Be sure that you do not add any extra spaces as you edit this file.

Output:

# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: localhost
#

Because we specified localhost, Elasticsearch will listen on all interfaces and bound IPs. If you only want it to listen on one interface, use its IP address instead of localhost. Elasticsearch.yml should be saved and closed. If you’re using nano, you can do so by pressing CTRL+X, then Y, and finally ENTER.

These are the bare minimum settings you can use to get started with Elasticsearch. You can now launch Elasticsearch for the first time.

Systemctl will start the Elasticsearch service. Allow Elasticsearch a few moments to load. Otherwise, you may receive errors indicating that you are unable to

Start the Elasticsearchservice,

systemctl start elasticsearch

Enable the Elasticsearchservice,

systemctl enable elasticsearch

Verify that the Elasticsearch has been installed and running on the server by running the following command:

curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200

You will be prompted to enter the password for the elastic user. Use the password that was provided to you during the installation from earlier.

Output:


root@vps:~# curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic https://localhost:9200
Enter host password for user 'elastic':
{
  "name" : "vps.server.com",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "HZcPm0lAQMCcsx94chOPPA",
  "version" : {
    "number" : "8.5.1",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "c1310c45fc534583afe2c1c03046491efba2bba2",
    "build_date" : "2022-11-09T21:02:20.169855900Z",
    "build_snapshot" : false,
    "lucene_version" : "9.4.1",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
root@vps:~#

This concludes the Installation and Configure Elasticsearch on Ubuntu 22.10.

bookmark_borderHow to Install Gogs Git on Ubuntu 22.10

Hello,

In this week’s feature highlight, we look at How to Install Gogs Git on Ubuntu 22.10


This tutorial will walk you through the steps necessary to install the Gogs self-hosted Git service on an Ubuntu 22.10 server. The Gogs project, written in Go, aims to create a simple, stable, and extensible self-hosted Git service with a simple setup process.

Gogs performs admirably and is extremely light. It uses very little RAM and CPU power. 

Checkout the Gogs Project at https://gogs.io/ for more information.

Prerequisites

  • Full SSH root access or a user with sudo privileges is required.
  • Gogs supports the following databases.
    • SQLite3
    • PostgreSQL
    • MySQL
    • MariaDB

First, check for any pending system upgrade

Let’s update software packages first. To perform updates, run the following command:

apt update
apt upgrade

Install MariaDB Database Server

Use the below command to install MariaDB.

apt install mariadb-server mariadb-client

Check the status of MariaDB service.

root@crown~# systemctl status mariadb
● mariadb.service - MariaDB 10.6.9 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; preset: enab>
     Active: active (running) since Sat 2022-11-19 17:44:57 UTC; 8s ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 1808 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var>
    Process: 1811 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_ST>
    Process: 1818 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && >
    Process: 1876 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_S>
    Process: 1878 ExecStartPost=/etc/mysql/debian-start (code=exited, status=0/>
   Main PID: 1862 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 15 (limit: 2227)
     Memory: 61.6M
        CPU: 418ms
     CGroup: /system.slice/mariadb.service
             └─1862 /usr/sbin/mariadbd

Secure the MariaDB Installation with the below command,

mysql_secure_installation

Output:

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

Login to MariaDB as root user,

mariadb -u root -p

Enable global variables as shown below,

SET GLOBAL innodb_file_per_table = ON;

Create a database called gogs which will be used for this project,

CREATE DATABASE IF NOT EXISTS gogs CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

Create a user and grant all the privileges of the gogs database,

GRANT ALL PRIVILEGES ON gogs.* TO 'gogs'@'localhost' IDENTIFIED BY "StrongPassword";

Replace “StrongPassword” with an actual password that is long and strong.

FLUSH PRIVILEGES;
EXIT

Download and Install Gogs from GitHub

Use curl to download the Gogs file from their official github repository.

curl -s https://api.github.com/repos/gogs/gogs/releases/latest | grep browser_download_url | grep '\linux_amd64.tar.gz' | cut -d '"' -f 4 | wget -i -

Un-tar the downloaded Gogs file.

tar xvf gogs_*_linux_amd64.tar.gz

Create a new user called git,

adduser git

Create a dedicated logs directory for it’s user,

mkdir /var/log/gogs

Permit created directory access to the added user,

chown -R git:git /var/log/gogs/

Add the gogs systemd service file to the system directory at /etc/systemd/system/,

cp gogs/scripts/systemd/gogs.service /etc/systemd/system

Create a configuration file for Gogs,

nano /etc/systemd/system/gogs.service

If you want to make use of a different port to host Gogs, refer below.

You can use any other port you want to, this is to keep the site a bit safer.

Edit the ExecStart=/home/git/gogs web port, you can set a custom port such as 3001

ExecStart=/home/git/gogs/gogs web -port 3001

Move the Gogs binary file to /home/git,

mv gogs /home/git/

Change the permission of the site directory.

chown -R git:git /home/git/

To start the Gogs service.

systemctl daemon-reload
systemctl start gogs

Enable Gogs service to run on boot and check the Status,

systemctl enable gogs
systemctl status gogs

Output:

root@crown:~# systemctl status gogs
● gogs.service - Gogs
     Loaded: loaded (/etc/systemd/system/gogs.service; enabled; preset: enabled)
     Active: active (running) since Sat 2022-11-19 17:51:21 UTC; 10s ago
   Main PID: 3281 (gogs)
      Tasks: 6 (limit: 2227)
     Memory: 34.5M
        CPU: 271ms
     CGroup: /system.slice/gogs.service
             └─3281 /home/git/gogs/gogs web -port 3001

Configure Gogs

Navigate to your browser and load the server’s IP address or the domain name with 3001 port.

http://server-ip-address:3001 and you will see the Gogs installation screen.

In Database Settings we’ll first enter the Database information that was created earlier.

image

Next, In Application General Settings

  • Application Name – enter the Project name of your choice.
  • Run User – will be the new user that was added earlier, git.
  • Domain – enter the Domain name that should be associated with the application. If you do not have any domain, use localhost.
  • Application URL – enter the IP address of the server or the Domain name with the port to be used. Do not use localhost in Application URL.
  • Log Path – enter the directory path that was created earlier, /var/log/gogs.
image

In Optional Settings,

  • Enable or Disable the required settings that goes with your application usage.
  • Create an Admin Account which you will be using as first user with Admin privileges.
image

Now click on Install Gogs button to start the installation. Once the installation is complete, you will be redirected to login screen.

Login with the Admin user that was just created in the last step.

image

This concludes the Installation and Gogs on Ubuntu 22.10

bookmark_borderHow to Install Drupal on Ubuntu 22.10

Drupal is a Content Management System (CMS) to maintain and publish an internet website. It’s an open-source content management system (CMS) with a large, supportive community. It’s used by millions of people and organizations around the globe to build and maintain their websites.

Update the System

Let us update the system packages to the latest by running the below commands,

apt update -y 
apt upgrade -y

Install MariaDB Server

Next is to install MariaDB or MySQL. I will be using MariaDB for this process. So let’s install MariaDB with the following command.

apt install -y mariadb-server mariadb-client

Secure your database server by setting a root password, disabling root remote logins, and removing test databases.

mysql_secure_installation

Output:

root@crown:~# sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

To log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y 
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Check that you can log in to the database as a root user with a password set.

mysql -u root -p

Now that we are able to log in as regular users, we can now create a Drupal database that Drupal can use once we installed it into our system. To create one using the following command.

Create Database for Drupal

Create a database for Drupal and grant all privileges to the Drupal user.

mysql -u root -p
CREATE DATABASE drupal;
CREATE USER 'drupal_user'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON drupal.* to drupal_user@'localhost';
FLUSH PRIVILEGES;
\q

Replace “password” with a real and strong password.

Output:


Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 41
Server version: 10.6.9-MariaDB-1 Ubuntu 22.10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE drupal;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> CREATE USER 'drupal_user'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.003 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON drupal.* to drupal_user@'localhost';
Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> \q
Bye

Install PHP

By default, Ubuntu 22.10 comes with PHP version 8.1. We will install PHP and other necessary modules required to run Drupal.

apt install php php-{cli,fpm,json,common,mysql,zip,gd,intl,mbstring,curl,xml,pear,tidy,soap,bcmath,xmlrpc}

Output:

root@crown:~# apt install php php-{cli,fpm,json,common,mysql,zip,gd,intl,mbstring,curl,xml,pear,tidy,soap,bcmath,xmlrpc}
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
php is already the newest version (2:8.1+92ubuntu1).
php-cli is already the newest version (2:8.1+92ubuntu1).
php-json is already the newest version (2:8.1+92ubuntu1).
php-common is already the newest version (2:92ubuntu1).
php-mysql is already the newest version (2:8.1+92ubuntu1).
php-zip is already the newest version (2:8.1+92ubuntu1).
php-gd is already the newest version (2:8.1+92ubuntu1).
php-mbstring is already the newest version (2:8.1+92ubuntu1).
php-curl is already the newest version (2:8.1+92ubuntu1).

Install Apache Web Server

As for the Web Server, we will use Apache as it is easy to configure and use.

To install, run the below commands

apt install apache2 libapache2-mod-php

Output:

root@crown:~# apt install apache2 libapache2-mod-php
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
apache2 is already the newest version (2.4.54-2ubuntu1).
libapache2-mod-php is already the newest version (2:8.1+92ubuntu1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

Update PHP Timezone and Memory Limit.

Enter the TimeZone you want Drupal to use as default.

nano /etc/php/*/apache2/php.ini
memory_limit = 256
date.timezone = UTC

Download the Latest Version of Drupal and extract it on Ubuntu 22.10.

wget https://www.drupal.org/download-latest/tar.gz -O drupal.tar.gz
tar xvf drupal.tar.gz
mv drupal-*/  /var/www/html/drupal

Update ownership for a drupal directory to Apache user and group.

 chown -R www-data:www-data /var/www/html/
 chmod -R 755 /var/www/html/

Configure Apache Web Server for Drupal

Create a configuration file for Drupal.

 nano /etc/apache2/sites-available/drupal.conf

Add the following content,

Replace example.com with your actual domain name. If you do not have any domain, you can enter the server’s IP address instead.

<VirtualHost *:80>
     ServerName example.com
     ServerAdmin admin@example.com
     DocumentRoot /var/www/html/drupal/

     CustomLog ${APACHE_LOG_DIR}/access.log combined
     ErrorLog ${APACHE_LOG_DIR}/error.log

      <Directory /var/www/html/drupal>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
            RewriteEngine on
            RewriteBase /
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteCond %{REQUEST_FILENAME} !-d
            RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
   </Directory>
</VirtualHost>

Configure and Enable the Website using the below commands,

 apachectl -t
 a2dismod mpm_event
 a2enmod mpm_prefork
 a2enmod php8.1
 a2enmod rewrite
 a2ensite drupal.conf
 systemctl restart apache2

Check and Install Drupal on Ubuntu from the browser.

Access the Drupal configuration page by using http://example.com

Replace example.com with your actual domain or the server’s IP address.

images

Select an installation profile.

images

Input the Database configuration that was created from earlier.

images

Wait for the installation to complete,

images

Configure your site,

images

You’ll get to the Drupal dashboard as shown below,

images

Done.

bookmark_borderHow To Protect SSH With Fail2Ban on Ubuntu 22.10

Hello,

In this week’s feature highlight, we look at How To Protect SSH With Fail2Ban on Ubuntu 22.10

Fail2Ban is an intrusion prevention framework written in the Python programming language. It works by reading SSH, ProFTP, Apache logs, etc. And uses iptables profiles to block brute-force attempts.

Installing the Fail2Ban package

Check for system updates and install them.

apt update -y

apt upgrade -y

Command to install the Fail2Ban

apt install fail2ban -y

To enable fail2ban, run the following command.

systemctl enable fail2ban

To check the status of the service, run the following command.

systemctl status fail2ban

Output:

root@crown:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor pres>
     Active: active (running) since Thu 2022-10-19 13:37:13 UTC; 14s ago
       Docs: man:fail2ban(1)
   Main PID: 2557 (fail2ban-server)
      Tasks: 5 (limit: 1034)
     Memory: 13.2M
        CPU: 442ms
     CGroup: /system.slice/fail2ban.service
             └─2557 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Configuring Fail2Ban

Jail.conf contains a section in which Configuration settings can be done for the fail2ban, we are not going to edit this file because package upgrades can overwrite this file.

Jail.local contains the same sections where “jail.conf” file contains and it can override these values.

Command to create a jail.local configuration file by copying the default jail.conf file.

cp /etc/fail2ban/jail.{conf,local}

Open the file to configure.

nano /etc/fail2ban/jail.local

Whitelisting IP addresses

Find the following line in the config file /etc/fail2ban/jail.local and uncomment it to whitelist the IP address.

#ignoreip = 127.0.0.1/8 ::1 

Once you uncomment it, add your IP address at the last of the command For ex.

ignoreip = 192.168.0.100 192.168.1.0/24

Multiple IP addresses can be whitelisted with the above configuration, they have to be separated with a single white space. You can also white list an IP block as shown above.

Ban settings

3 main options in these settings,

  • bantime: is the number of sec/hours/day that an IP address is banned.
  • findtime: is the window that fail2ban will pay attention to when looking for repeated failed authentication attempts.
  • maxretry: is the maximum try which will be given before blocking.

Find these lines in the config file /etc/fail2ban/jail.local and change them as you required.

Default values of the option are,

bantime  = 10m

findtime  = 10m

maxretry = 5

Note: If you want to block an IP address permanently use a negative value in the bantime option.

Get e-mail notifications

Note: To receive email alerts, you need to have an SMTP installed on your server.

To receive email alerts with relevant logs, find the following line in the config file /etc/fail2ban/jail.local and make sure that the following line is present.

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(action_)s
             %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]

To configure sending and receiving email addresses.

Find the following line in the config file /etc/fail2ban/jail.local and update the details.

Example:

destemail = admin@xyz.com

sender = root@xyz.com

Fail2ban Client

To interact with the Fail2ban service there is a command-line tool called fail2ban-client.

To check its available options enter the following command.

fail2ban-client -h

Here is a few examples that can be performed by using this tool,

Check the jail status.

fail2ban-client status sshd

To unban an IP.

fail2ban-client set sshd unbanip "IP address here"

To Ban an IP.

fail2ban-client set sshd banip "IP address here"

bookmark_borderHow to Enable BBR on Ubuntu 22.10

Hello,

In this week’s feature highlight, we look at How to Install BBR on Ubuntu 22.10

BBR stands for Bottleneck Bandwidth and RTT is a congestion control system. You can enable TCP BBR on your Linux desktop to improve the overall web surfing experience. By default, Linux uses the Reno and CUBIC congestion control algorithm.

Run the following command to check available congestion control algorithms,

sysctl net.ipv4.tcp_available_congestion_control

Output:

root@crown:~# sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = reno cubic bbr

Run the below command to check the current congestion control algorithm used in your system,

sysctl net.ipv4.tcp_congestion_control

Output:

root@crown:~# sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = bbr

Enabling TCP BBR in Ubuntu

Open the following configuration file /etc/sysctl.conf to enable TCP BBR.

 nano /etc/sysctl.conf

At the end of the config file, add the following lines.

net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

Save the file, and refresh your configuration by using this command,

sysctl -p

Output:

root@crown:~# sysctl -p
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

Now, Verify if BBR is enabled in your system,

sysctl net.ipv4.tcp_congestion_control

Output:

root@crown:~# sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = bbr