https://github.com/yeszi/ubuntu-lynis-fail2ban
hardening keamanan ubuntu, lynis sebagai sistem audit dan fail2ban untuk pencegahan intrusi.
https://github.com/yeszi/ubuntu-lynis-fail2ban
baseline fail2ban lynis-setup ubuntu
Last synced: 19 days ago
JSON representation
hardening keamanan ubuntu, lynis sebagai sistem audit dan fail2ban untuk pencegahan intrusi.
- Host: GitHub
- URL: https://github.com/yeszi/ubuntu-lynis-fail2ban
- Owner: yeszi
- Created: 2025-11-25T10:43:51.000Z (7 months ago)
- Default Branch: portofolio-grayesi-backend
- Last Pushed: 2025-12-19T16:04:05.000Z (6 months ago)
- Last Synced: 2025-12-21T19:14:43.508Z (6 months ago)
- Topics: baseline, fail2ban, lynis-setup, ubuntu
- Homepage:
- Size: 2.17 MB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# 🛡️ Studi kasus Proyek 3 : Hardening Sistem Linux dan Audit Keamanan
## 🛡️ Anggota Tim Kelompok 3
* **2201020130** Grayesi Silitonga
* **2201020091** Yohani Natalia Simanullang
* **2201020083** Winda Aulia Ariyani
* **2201020035** Enjelita Br Ginting
## 📋 Dokumentasi Setiap Minggu
- [Link Laporan ](#Link_Laporan) **(https://drive.google.com/file/d/1i7Qx2GgxNrYhgzOOa6tjpmkz_9ovfHyx/view?usp=sharing)**
- [Link Poster ](#Link_Poster) **(https://drive.google.com/file/d/18xrMtQ_c0s5rxEtihnwWg6esosYuMEON/view?usp=sharing)**
- [Link Tabel Hasil Pengujian](#Link_Tabel) **(https://drive.google.com/file/d/1hxw6CZ5gvmACXBnsr2RfLUVjcNC-S3Ew/view?usp=sharing)**
- [Minggu 1](#Minggu_1) **Instalasi Linux (VM) Baseline Audit**
```javascript
# Clone repository Lynis
git clone https://github.com/CISOfy/lynis
# Masuk ke direktori
cd lynis && chmod +x lynis
# Jalankan audit sistem
sudo ./lynis audit system
```
- Perintah untuk menginstal dan menjalankan audit sistem
- [Minggu 2](#Minggu_2) **Konfigurasi User & Permission Management**
- Cek Konfigurasi
```javascript
# Instal UFW (jika belum ada)
sudo apt install ufw
# Atur kebijakan default (Tolak masuk, Izinkan keluar)
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Izinkan akses SSH pada Port Custom (2222)
# Catatan: Sesuaikan dengan port SSH yang akan digunakan
sudo ufw allow 2222/tcp
# Aktifkan Firewall
sudo ufw enable
# Cek status aturan
sudo ufw status verbose
```
- [Minggu 3](#Minggu_3) **Konfigurasi Firewall (UFW / iptables)**
- Cek SSH
```javascript
sudo nano /etc/ssh/sshd_config
//cuplikan code
Port 2222 # Ubah port default (22) ke 2222 (Security by Obscurity)
PermitRootLogin no # Matikan login root
PubkeyAuthentication yes # Wajibkan penggunaan SSH Key
PasswordAuthentication no # (Opsional) Matikan login password jika SSH Key sudah aktif
sudo systemctl restart ssh
```
- [Minggu 4](#Minggu_4) **Hardening SSH + fail2ban**
```javascript
# Instal Fail2Ban
sudo apt update && sudo apt install fail2ban -y
# Salin konfigurasi default agar aman saat update
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# Edit konfigurasi jail.local
sudo nano /etc/fail2ban/jail.local
//TOML
[sshd]
enabled = true
port = 2222 # Wajib sesuaikan dengan port SSH yang baru
logpath = %(sshd_log)s
backend = %(sshd_backend)s
maxretry = 3 # Blokir setelah 3x gagal login
bantime = 3600 # Blokir selama 1 jam
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
```
- [Minggu 5](#Minggu_5) **Audit ulang & scoring keamanan (Lynis)**
```javascript
# Cek status Fail2Ban (pastikan Jail SSH aktif)
sudo fail2ban-client status sshd
# Jalankan audit ulang dengan Lynis
cd lynis
sudo ./lynis audit system
```
---
## 🧐 Tujuan Proyek
1. Meningkatkan keamanan OS dan mengaudit kerentanan konfigurasi.
## 💻 Lingkungan Sistem
* **OS:** Ubuntu Server 20.04 LTS (Running on VirtualBox)
* **RAM:** 8GB
* **Tools:** Lynis v3.0.9, Fail2Ban v0.11
---