This repository was archived by the owner on Mar 2, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 21
Security of Masternodes
Nick Yeates edited this page Jan 18, 2019
·
1 revision
You will want to secure your machine with multiple levels of security. Within a few minutes of the machine being up, bots and hackers attempt to login and probe it for weakness.
At a minimum, you will want to setup UFW (Uncomplicated Fire Wall) and fail2ban.
The below commands give an example of how to set this up.
apt install ufw
ufw allow ssh/tcp
ufw limit ssh/tcp
ufw allow 30303/tcp
ufw allow 30303/udp
ufw logging on
ufw enable
ufw statusPort 30303 is the only port required for use by tomo. There is optional ports 8595 and 8596 tcp that can be used for the API, however opening the API is a security risk and only for advanced users.
apt install fail2ban
echo -e "# Permanently ban 7+ tries\n[DEFAULT]\nbantime = -1\n\n[sshd]\nenabled = true\nport = ssh\nfilter = sshd\nlogpath = /var/log/auth.log\nmaxretry = 7" > /etc/fail2ban/jail.local
systemctl start fail2ban
systemctl enable fail2ban
fail2ban-client reload
fail2ban-client status sshdNote that the above permanently bans any ssh connection trying more than 7 times; THIS INCLUDES YOURSELF