Hi guys, what should a install?
I found those in the library:
. Control Network Traffic with iptables
. Using Fail2ban to Block Network Probes
Should i install both?
Anymore tips will be welcome.
Thank you.

If you're on Ubuntu, you can try ufw.

https://help.ubuntu.com/10.10/servergui ... ewall.html
http://bodhizazen.net/Tutorials/iptables/

iptables is already installed, fail2ban just scans logs and temporarily blocks offending ips (it's useful to prevent log flooding).

You should use iptables and it's not a bad idea to use fail2ban.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

I've always used CSF/LFD (from experience with another VPS provider), though I see fail2ban is often cited here.

CSF/LFD combine firewall management and a HIDs in the same package which is quite useful, it's not particularly resource heavy either.

It's pretty much the de facto standard for cpanel servers, however it does have gui's for direct admin and webmin as well as a cli option.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

Can i install CSF/LFD without a cpanel or something similar?
If so, do i access it through a browser?

Yes, you can install it via the command line and as obs indicated you can administer it via a cPanel plugin or command line or webmin or direct admin. I've used cPanel, CLI, and Webmin to administer it on various systems.

It is always the first thing I set up on any new hardware.

Thanks haus.
I installed CSF, but in installation instructions it says to edit /etc/init.d/syslog and to make sure that any klogd lines are not commented out. But there is no syslog file in there. Do i have to install it?
Thanks

EDIT:

Check that - broken again.

I give up. Here is the suggested fix, but when I do this I am unable to log into my linode.

----

I found this:

http://vladgh.com/blog/ubuntu-1004-and- ... l-messages

and this:

viewtopic.php?t=5533&postdays=0&postorder=asc&highlight=rsyslog+kernel+logging&start=15

---

When I do this "fix" I'm unable to log into my linode unless I stop rsyslog.

LFD and the firewall still work. but without kernel logging I guess portscanning detection won't happen, and I think there are other problems with kernel logging not working in general but this is way beyond me.

Switching to kernel 2.6.37-linode30 seems to have fixed the kernel logging issue. Don't know of the ramifications of doing that vs the paravirt kernel I had been using before (and used to upgrade to 10.10).

Ran an online port scan and everything is working fine (messages showed up in /var/log/messages and CSF blocked it), so if you happen to be using Ubuntu 10.04 or higher with the kernel above, you shouldn't need to make any edits re: klogd.

plus 1 for CSF

I use CSF/LFD myself and love it. Easy to install and configure as well.