In this article we will address a very important aspect of running a Massa node: security.
Create a non-root user with sudo privileges
Access your server session using an account without root privileges. This way you will avoid accidentally deleting files or making other errors that compromise the system.
To do this, access SSH through root and perform the following steps:
For this example we will use a new user named massa.
sudo useradd -m -s /bin/bash massa
Assign a password to your new user.
sudo passwd massa
Add user massa to the sudo group.
sudo usermod -aG sudo massa
Update the list of packages in the repositories
Repositories are the sources from which Linux downloads its software packages. It is VERY IMPORTANT to keep your system updated with the latest security patches to prevent malicious attacks. This way you will have a safe and reliable place from which to download the software. To update the package lists and install the available updates, use the following commands.
Update the package lists from the repositories.
sudo apt update
Download and install the package upgrades that are available.
sudo apt-get upgrade
Change the default listening port of the SSH service
SSH is a service that allows you to remotely control your server and access other computers, transmitting data over an encrypted channel. The default port used by SSH is 22, and it is frequently targeted by denial of service attacks. To avoid this you must change this port. Changing the port only reduces automated traffic against the service; it does not replace strong authentication.
Modify the SSH configuration file.
sudo vi /etc/ssh/sshd_config
Press the INSERT key to switch to insert mode so that you can edit the file.
Use the arrow keys to find the following line:
#Port 22
Change the 22 to whatever port you want, removing the comment character #.
Port 49157
Press the ESC key, and then type the following command to save and exit.
:wq!
READY!
Next, restart the SSH service.
sudo /etc/init.d/ssh restart
Enable the Ubuntu UFW Firewall
UFW is one of the most popular Linux firewalls. To install and configure it, follow these steps:
Install the UFW firewall.
sudo apt install ufw
Check the status of the firewall.
sudo ufw status
Allow the SSH service through the firewall.
sudo ufw allow "OpenSSH"
Allow the ports we need, such as the new SSH port (do not forget to also open 31244 and 31245 to make the node routable).
sudo ufw allow 49157
List the application profiles available to the firewall.
sudo ufw app list
Activate the firewall.
sudo ufw enable
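The check below is an added example, not part of the original article or of any Massa tooling. Run before the enable step, it compares the port sshd will listen on with the rules queued in UFW, so a changed SSH port or a forgotten node port is caught while the server is still reachable. The sample inputs are constructed, and the parser assumes the simple "ufw allow <port>" lines printed by sudo ufw show added.

```bash
#!/usr/bin/env bash
# Pre-flight check to run before `sudo ufw enable` (added example).
# Inputs: text from `sudo sshd -T` (or sshd_config) and `sudo ufw show added`.

# Print the port(s) sshd listens on; "#Port 22" is a comment and is ignored.
# With no Port directive sshd falls back to 22.
sshd_ports() {
    local ports
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    printf '%s\n' "${ports:-22}"
}

# Succeed if rule file $2 has a simple allow rule for port $1.
# The "OpenSSH" application profile only covers the default port 22.
ufw_allows() {
    awk -v p="$1" '
        $1 == "ufw" && $2 == "allow" {
            rule = $3; sub(/\/tcp$/, "", rule)
            if (rule == p || (rule == "OpenSSH" && p == "22")) found = 1
        }
        END { exit !found }' "$2"
}

# preflight SSHD_TEXT UFW_RULES [EXTRA_PORT...]
# Prints one line per port left without a rule; non-zero status if any.
preflight() {
    local sshd_text="$1" ufw_rules="$2" missing=0 port
    shift 2
    for port in $(sshd_ports "$sshd_text") "$@"; do
        if ! ufw_allows "$port" "$ufw_rules"; then
            echo "MISSING: no ufw allow rule for port $port"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: SSH moved to 49157, node port 31245 forgotten.
demo() {
    local d rc
    d=$(mktemp -d)
    printf '#Port 22\nPort 49157\n' > "$d/sshd"
    printf 'ufw allow OpenSSH\nufw allow 49157\nufw allow 31244\n' > "$d/ufw"
    preflight "$d/sshd" "$d/ufw" 31244 31245; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || true
```

On the server, save the output of sudo sshd -T and sudo ufw show added to two files and call preflight with those files followed by 31244 31245.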
Install fail2ban
Fail2ban is an intrusion prevention application for SSH logins. It works by monitoring the logs and temporarily blocking IP addresses that repeatedly try to enter the system without authorization. It is recommended to use this program to protect against denial of service attacks and hacking of servers.
Install fail2ban.
sudo apt install fail2ban
Start the service.
sudo systemctl start fail2ban
Enable the service so that it starts at boot.
sudo systemctl enable fail2ban
Restart the service.
sudo systemctl restart fail2ban
Check the fail2ban logs.
sudo less /var/log/fail2ban.log
Original made by Cumulo for Massa Labs
To keep up with the project, you can subscribe to the following channels:
Telegram Massa Esp: https://t.me/massa_esp
Official Telegram: https://t.me/massanetwork
Official Discord: discord.com/invite/TnsJQzXkRN