Nowadays all major Linux distributions have adopted Systemd as their init system/service manager. Creating a systemd service is just a matter of writing a “.service” unit in the appropriate directory and managing it with the systemctl utility. When starting a service, or launching a process in general, we want to make sure it runs with the lowest possible set of privileges it needs to accomplish the task. Systemd provides a series of options we can use to fine-tune the behavior of a service, granting or denying privileges in a granular way, and ensuring a certain level of isolation from the rest of the system.
Fail2ban is free and open source software we can use to mitigate brute force and DoS/DDoS attacks: it scans log files for multiple failed authentication attempts and bans the related IP addresses by creating ad-hoc firewall rules.
Ntfy is a free and open source notification service written in Go which lets us easily send and receive push notifications on smartphones or desktop computers via simple POST or PUT requests. The basic online service is publicly available free of charge and, on Linux, it is also possible to self-host an Ntfy instance.
In the client-server architecture used by the SSH protocol, a client can authenticate by providing a tunneled clear text password or by using a public/private key pair: the latter is called public key authentication. A user who logs in via a public key on a remote machine has complete access to the command line; in certain situations, however, it may be useful to associate a public key with a single specific command, for security reasons.
Firewalld is the default high-level firewall manager on the Red Hat family of distributions. One of its peculiarities is that it defines a series of so-called firewall zones: each zone can be considered a different level of trust and can be configured to allow traffic through a specific set of ports. While Firewalld comes with some predefined zones which can be easily examined and modified, sometimes we may want to create our own custom zones from scratch.