Fail2Ban is a great piece of software for keeping out those who would try (and fail) to access your services. It's easy to set up as well, and can be as complicated as you want. First, perform the install using this command. It installs the package and creates a service, so that when you reboot, fail2ban starts automatically.

sudo apt install fail2ban

The configuration I am going to be performing will be for sshd; however, there are stacks of pre-configured jails that can be used, and if there isn't a pre-canned option for your app but it has a log file, a jail can be customised accordingly.
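To make the jail mechanics concrete (maxretry failures within findtime seconds earn a ban of bantime seconds), here is an added example that is not part of the original post or of fail2ban itself: a small Python model of an sshd jail. The jail.local fragment, the simplified failure pattern and the log lines are all constructed for this example; the option names maxretry, findtime and bantime are real fail2ban settings, but the regex is a cut-down stand-in for fail2ban's own sshd failregex.

```python
import configparser
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed jail.local fragment (hypothetical values; real option names).
JAIL_LOCAL = """
[DEFAULT]
bantime  = 600
findtime = 300
maxretry = 3

[sshd]
enabled = true
"""

# Simplified sshd failure pattern for this example, not fail2ban's own failregex.
FAILREGEX = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>[\d.]+) port \d+"
)

SYSLOG_TS = "%b %d %H:%M:%S"   # classic syslog timestamp, no year

# Constructed auth-log lines (documentation IP ranges only).
SAMPLE_LOG = [
    "Jan 10 12:00:01 srv sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 50000 ssh2",
    "Jan 10 12:00:30 srv sshd[2002]: Failed password for root from 203.0.113.5 port 50001 ssh2",
    "Jan 10 12:01:15 srv sshd[2003]: Accepted publickey for alice from 192.0.2.9 port 50002 ssh2",
    "Jan 10 12:01:40 srv sshd[2004]: Failed password for invalid user test from 203.0.113.5 port 50003 ssh2",
    "Jan 10 12:00:10 srv sshd[2005]: Failed password for root from 198.51.100.7 port 50004 ssh2",
    "Jan 10 12:06:00 srv sshd[2006]: Failed password for root from 198.51.100.7 port 50005 ssh2",
    "Jan 10 12:10:00 srv sshd[2007]: Failed password for root from 198.51.100.7 port 50006 ssh2",
    "Jan 10 12:10:05 srv sshd[2008]: Failed password for bob from 192.0.2.9 port 50007 ssh2",
]


def load_jail(text, name):
    """Read one jail section; [DEFAULT] values are inherited, as in fail2ban."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    sec = cp[name]
    return {
        "enabled": sec.getboolean("enabled"),
        "maxretry": sec.getint("maxretry"),
        "findtime": sec.getint("findtime"),
        "bantime": sec.getint("bantime"),
    }


def parse_line(line, year=2024):
    """Return (timestamp, ip) for a failed login line, else None."""
    m = FAILREGEX.search(line)
    if not m:
        return None
    ts = datetime.strptime(line[:15], SYSLOG_TS).replace(year=year)
    return ts, m.group("ip")


def scan(lines, jail):
    """Apply the jail's sliding window; return {ip: time_of_ban}."""
    failures = defaultdict(deque)   # ip -> failure timestamps inside findtime
    bans = {}
    if not jail["enabled"]:
        return bans
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if ip in bans:
            continue
        window = failures[ip]
        window.append(ts)
        # Forget failures that fell out of the findtime window.
        while (ts - window[0]).total_seconds() > jail["findtime"]:
            window.popleft()
        if len(window) >= jail["maxretry"]:
            bans[ip] = ts
    return bans


def still_banned(bans, ip, now, jail):
    """True while the ban is younger than bantime."""
    return ip in bans and (now - bans[ip]).total_seconds() < jail["bantime"]


if __name__ == "__main__":
    jail = load_jail(JAIL_LOCAL, "sshd")
    for ip, when in scan(SAMPLE_LOG, jail).items():
        print(f"ban {ip} at {when:%H:%M:%S} for {jail['bantime']}s")
```

Only 203.0.113.5 gets banned: its three failures land inside 300 seconds, whereas 198.51.100.7 also fails three times but spread over ten minutes, so the window never holds maxretry entries. That is the tuning decision a jail encodes, and the reason the sshd jail in the post is worth reviewing against your own auth log before enabling it.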
Splunk. Love it to bits, use it at work heaps, but sadly for personal use once you go past that 500Mb/day license limit that's it, get your wallet out. This is where ELK comes into play. Being open source, I thought I'd give it a crack. Here is my experience. I know there are plenty of guides online for this, but I went through a bit of trial and error for my setup.