This project simulates securing and auditing a Linux system using industry-standard tools and techniques. The main goal was to identify system vulnerabilities, harden common attack surfaces, and create basic automation to support intrusion detection.
Lynis
chkrootkit
fail2ban
rsyslog
Python
Nano + Bash Command Line
# Read the SSH authentication log written by rsyslog and print every
# line that records a failed password attempt (run as root or with sudo).
with open("/var/log/auth.log") as f:
    for line in f:
        if "Failed password" in line:
            print(line.strip())
This script scans the SSH authentication log and prints failed login attempts. Note that the "Failed password" string only matches password-authentication failures; probes against non-existent accounts also produce "Invalid user" lines, and key-based failures are logged differently, so a broader match is needed to see those. This basic functionality can be expanded to count IP addresses with repeated attempts, alert the user via email, or feed data into a SIEM.
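The following is an added example, not the project's own script, of the expansion described above: it parses the sshd "Failed password" lines (including the "invalid user" variant for unknown accounts), counts attempts per source IP, applies a fail2ban-style threshold, and builds an alert message that could be mailed or shipped to a SIEM. The log lines are constructed for the example; the message format is the standard sshd format as written to /var/log/auth.log by rsyslog. The threshold of 3 is an arbitrary choice.

```python
import re
import sys
from collections import Counter

# Constructed sample of /var/log/auth.log content for this example
# (not from a real host). Mixes real failures, an "Invalid user" probe,
# a successful key login, and an unrelated cron line.
SAMPLE_AUTH_LOG = """\
Jun  1 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jun  1 10:00:03 host sshd[1201]: Failed password for root from 203.0.113.5 port 51235 ssh2
Jun  1 10:00:05 host sshd[1203]: Invalid user admin from 203.0.113.5 port 51236
Jun  1 10:00:05 host sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jun  1 10:00:09 host sshd[1205]: Failed password for invalid user oracle from 198.51.100.7 port 40001 ssh2
Jun  1 10:00:20 host sshd[1210]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2: ED25519 SHA256:abc
Jun  1 10:00:25 host sshd[1212]: Failed password for alice from 192.0.2.10 port 50001 ssh2
Jun  1 10:00:30 host CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Matches "Failed password for <user> from <ip> port <port>" and the
# "Failed password for invalid user <user> ..." form used for unknown accounts.
# The separate "Invalid user ..." line is deliberately NOT counted, since it
# precedes the same attempt's "Failed password" line and would double count.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_failed_logins(lines):
    """Return a list of (user, ip, invalid_user) for each failed password line."""
    events = []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            events.append((m.group("user"), m.group("ip"), m.group("invalid") is not None))
    return events


def count_by_ip(events):
    """Number of failed password attempts per source IP."""
    return Counter(ip for _user, ip, _invalid in events)


def suspicious_ips(counts, threshold=3):
    """IPs with at least `threshold` failures, most attempts first (fail2ban-style rule)."""
    return sorted(
        ((ip, n) for ip, n in counts.items() if n >= threshold),
        key=lambda item: (-item[1], item[0]),
    )


def build_alert(events, threshold=3):
    """Text for an e-mail body or SIEM message; None when no IP crosses the threshold."""
    hits = suspicious_ips(count_by_ip(events), threshold)
    if not hits:
        return None
    out = [f"{len(events)} failed SSH password attempts; {len(hits)} IP(s) over threshold {threshold}:"]
    for ip, n in hits:
        users = sorted({u for u, i, _ in events if i == ip})
        out.append(f"  {ip}: {n} attempts, users tried: {', '.join(users)}")
    return "\n".join(out)


if __name__ == "__main__":
    # Pass a path such as /var/log/auth.log to analyse a real log (needs root);
    # with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as f:
            events = parse_failed_logins(f)
    else:
        events = parse_failed_logins(SAMPLE_AUTH_LOG.splitlines())
    print(build_alert(events) or "No IP exceeded the threshold.")
```

On the sample, only 203.0.113.5 (three failures, against root and the non-existent admin account) crosses the threshold; the single failures from the other two addresses are reported only if the threshold is lowered. Sending the alert by mail or to a SIEM is left to the caller, since that depends on the environment.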
Lynis upload and audit
chkrootkit upload and scan
Started fail2ban
Created Python script to flag failed password attempts
Disabled root login over SSH
Configured UFW (Uncomplicated Firewall)
Installed and configured fail2ban to monitor SSH brute-force attempts
Deployed chkrootkit for rootkit detection
Ran lynis to audit system posture and patched findings
Created /var/log/auth.log manually because no syslog daemon was writing it (on a systemd host without rsyslog, sshd messages go only to the journal)
Installed rsyslog and configured SSH logging so that auth.log is actually populated, which fail2ban's sshd jail depends on when it reads that file rather than the journal
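A post-hardening check, added here as an example and not part of the project, that audits an sshd_config for the settings changed in the steps above. It exists because of a detail that is easy to miss when disabling root login: sshd_config(5) states that the first value found for a keyword is the one used, so appending "PermitRootLogin no" to a file that already contains "PermitRootLogin yes" changes nothing. Keywords are case-insensitive and may be written as "Key value" or "Key=value". Lines after a Match block apply only to matching connections and are skipped; Include directives are not followed. The three configs and the expected values are constructed for the example; PermitRootLogin is the project's own setting, while PasswordAuthentication and MaxAuthTries are assumed extras a typical baseline adds.

```python
import re
import sys

# Expected hardened values (keywords lower-cased). PermitRootLogin is what this
# project changed; the other two are assumptions for a typical key-only baseline.
EXPECTED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",   # assumption: key-based logins only
    "maxauthtries": "3",              # assumption
}

# Constructed configs for this example (not copied from any host).
WEAK = """\
# stock-looking config: remote root and password logins enabled
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 6
"""

APPENDED = """\
PermitRootLogin yes
PasswordAuthentication=no
MaxAuthTries 3
Match User backup
    PasswordAuthentication yes
# appended at the bottom during hardening; sshd ignores it (first value wins)
PermitRootLogin no
"""

HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
"""

# "Keyword value" or "Keyword=value", surrounding whitespace ignored.
LINE_RE = re.compile(r"^\s*([A-Za-z0-9]+)\s*=?\s*(.*?)\s*$")


def effective_settings(text):
    """Global (non-Match) settings as sshd applies them: the first value wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            break  # everything after a Match line is conditional, not global
        settings.setdefault(key, value)  # later duplicates are ignored by sshd
    return settings


def audit_sshd_config(text, expected=EXPECTED):
    """Return (keyword, expected, actual) for each expectation that is not met.

    actual is None when the keyword is absent, meaning sshd's built-in default
    applies; that is reported so the value gets set explicitly.
    """
    actual = effective_settings(text)
    findings = []
    for key, want in expected.items():
        got = actual.get(key)
        if got is None or got.lower() != want.lower():
            findings.append((key, want, got))
    return findings


if __name__ == "__main__":
    # Pass a path such as /etc/ssh/sshd_config to audit a real file;
    # with no argument the APPENDED sample is audited.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as f:
            text = f.read()
    else:
        text = APPENDED
    findings = audit_sshd_config(text)
    if not findings:
        print("All expected settings are in effect.")
    for key, want, got in findings:
        print(f"{key}: expected {want}, effective {got!r}")
```

On the APPENDED sample the audit still reports PermitRootLogin as "yes" despite the trailing "no" line, which is the case the check is for. On a live host, sshd -T prints the fully resolved configuration (including defaults and Match processing) and is the authoritative answer; this script is for reasoning about a config file offline.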
fail2ban fails silently if the syntax in jail.local is even slightly off: the service can appear to start while the jail never activates. Validate the configuration with fail2ban-client -t (on recent versions), confirm the jail is actually running with fail2ban-client status sshd, and check /var/log/fail2ban.log for parse errors
System logs are critical for post-incident detection and triage
Even basic scripting can create helpful alerting tools
Hardening a system involves balancing usability and defense-in-depth