Security of Masternodes

Nick Yeates edited this page Jan 18, 2019 · 1 revision

You will want to secure your machine with multiple levels of security. Within a few minutes of the machine being up, bots and hackers will attempt to log in and probe it for weaknesses.

At a minimum, you will want to set up UFW (Uncomplicated Firewall) and fail2ban.

The commands below give an example of how to set this up.

apt install ufw
ufw allow ssh/tcp
ufw limit ssh/tcp
ufw allow 30303/tcp
ufw allow 30303/udp
ufw logging on
ufw enable
ufw status

Port 30303 is the only port required for use by tomo. Ports 8595 and 8596 (TCP) are optional and can be used for the API; however, opening the API is a security risk and is only for advanced users.
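To check that a node's firewall still matches the rules above, the following added example (not part of the original wiki page or the project's tooling) audits `ufw status` output. The helper name `audit_ufw` and the sample output are constructed for illustration; the policy it encodes is the one stated on this page.

```shell
# Constructed sample of `ufw status` output (not captured from a real host).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
30303/tcp                  ALLOW       Anywhere
30303/udp                  ALLOW       Anywhere
8595/tcp                   ALLOW       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)
8595/tcp (v6)              ALLOW       Anywhere (v6)'

# audit_ufw: read `ufw status` text on stdin, print one finding per line.
# Hypothetical helper; policy: SSH rate-limited, 30303 tcp/udp open, nothing else.
audit_ufw() {
    awk '
    # Print each distinct finding once (IPv4 and IPv6 rows repeat the same rule).
    function warn(msg) { if (!(msg in said)) { said[msg] = 1; print "WARN " msg } }
    /^Status:/ { if ($2 != "active") warn("firewall is " $2); next }
    # Rule rows start with port/proto, e.g. "30303/tcp   ALLOW   Anywhere".
    $1 ~ /^[0-9]+\/(tcp|udp)$/ {
        rule = $1
        action = ($2 == "(v6)") ? $3 : $2      # IPv6 rows carry an extra token
        if (action == "ALLOW" || action == "LIMIT") opened[rule] = 1
        if (rule == "22/tcp") {
            if (action == "ALLOW") warn("22/tcp is ALLOW, expected LIMIT")
        } else if (rule == "8595/tcp" || rule == "8596/tcp") {
            if (rule in opened) warn("API port " rule " is exposed")
        } else if (rule != "30303/tcp" && rule != "30303/udp") {
            if (rule in opened) warn("unexpected open port " rule)
        }
    }
    END {
        if (!("30303/tcp" in opened)) warn("30303/tcp is not allowed")
        if (!("30303/udp" in opened)) warn("30303/udp is not allowed")
    }'
}

# Stand-alone run against the constructed sample.
# On a node, use instead: ufw status | audit_ufw
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw
```

An empty result means the rule set matches the setup above; any `WARN` line names the rule to review.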

apt install fail2ban
echo -e "# Permanently ban 7+ tries\n[DEFAULT]\nbantime = -1\n\n[sshd]\nenabled = true\nport = ssh\nfilter = sshd\nlogpath = /var/log/auth.log\nmaxretry = 7" > /etc/fail2ban/jail.local
systemctl start fail2ban
systemctl enable fail2ban
fail2ban-client reload
fail2ban-client status sshd

Note that the above permanently bans any SSH connection trying more than 7 times; THIS INCLUDES YOURSELF.
