Tag: AIDE

When you manage your own VPS, keeping it secure goes far beyond setting up a strong password or using SSH keys. One of the most important — and often overlooked — tasks is monitoring login attempts and file changes.

If someone tries to brute-force their way into your server or modifies system files without authorization, you need to know immediately. In this post, we’ll walk you through simple tools and methods to keep an eye on your VPS security 24/7.

---

🔍 Why Monitoring Matters

Cyberattacks aren’t always obvious. Hackers often:

• Try to gain access via repeated failed logins
• Modify configuration files to install backdoors
• Inject malicious code into websites or scripts
• Use rootkits to hide their presence

By monitoring login attempts and file changes, you can detect suspicious activity early and prevent damage before it escalates.

---

🛡️ Monitor Login Attempts with 

Fail2Ban

✅ What It Does:

Fail2Ban scans your log files (like /var/log/auth.log) and bans IPs that show signs of malicious behavior, such as too many failed login attempts.

🔧 How to Install:

sudo apt update && sudo apt install fail2ban -y

📂 Basic Configuration:

The main config file is located at:

/etc/fail2ban/jail.local

A sample rule to monitor SSH:

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

Fail2Ban automatically updates your firewall to block suspicious IPs.

---

🗂️ Monitor File Changes with 

AIDE

 (Advanced Intrusion Detection Environment)

✅ What It Does:

AIDE scans the file system and creates a baseline. It then alerts you when files are modified, added, or deleted.

🔧 How to Install:

sudo apt install aide -y

🛠️ Initialize the Database:

sudo aideinit
sudo cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db

📊 Run Regular Checks:

sudo aide --check

For automation, schedule this via cron and configure it to email alerts.

---

🔁 Real-Time File Monitoring with 

inotify-tools

For lightweight, real-time file monitoring (e.g., for specific web directories), use inotify-tools.

🔧 Install:

sudo apt install inotify-tools -y

Example: Watch for changes in 

/var/www/html

:

inotifywait -m -r /var/www/html

This tool is great for developers and sysadmins wanting immediate feedback on file activity.

---

✉️ Optional: Email Alerts for Login & File Events

Combine these tools with email notifications or integrate them with your external monitoring system (Zabbix, Prometheus, or even a simple bash + mail setup) for real-time alerting.

---

🧠 Best Practices

• 🔐 Use SSH keys instead of passwords
• 🔒 Disable root login via SSH
• 🚫 Change default SSH port
• 📉 Monitor logs daily or automate alerting
• 🧾 Keep audit trails and backups

---

💡 All Hosteons VPS & VDS Plans Support These Tools

Whether you’re using a Budget KVM VPS, Ryzen KVM VPS, or Ryzen 7950X VDS, all of these monitoring tools can be installed and configured quickly.

We offer full root access and support popular Linux distributions like Ubuntu, Debian, AlmaLinux, and CentOS — perfect for custom security setups.

---

🔒 Secure Your VPS Before It’s Too Late

Don’t wait until something goes wrong. Set up login and file monitoring today — and stay in control of your VPS.

Have questions? Need help setting it up? Reach out to Hosteons Support — we’re here to help!