Skip to content

Security Infrastructure

Last Updated: 2026-02-15 Security Level: Hardened (Post-Incident Review)


This section covers security tools and configurations protecting iSu Technologies infrastructure. Following a security incident on 2026-02-12 to 2026-02-14, comprehensive hardening measures and incident response tools have been implemented.

ToolPurposeStatusJails/Rules
fail2banIntrusion prevention✅ Active5 jails, 189 IPs banned
UFW/iptablesFirewall✅ Active9 permanent bans
SSH HardeningAccess control✅ HardenedKey-only, restricted
Kernel HardeningSystem protection✅ Active20+ sysctl rules
Auto-UpdatesPatch management✅ ActiveDaily security patches
Incident Response ToolsThreat detection & investigation✅ Active6 automated tools

Our security approach uses multiple layers:

┌─────────────────────────────────────────────────────────────┐
│ LAYER 1: DETECTION │
│ fail2ban (5 jails) + PLGT Stack (Loki, Grafana) │
├─────────────────────────────────────────────────────────────┤
│ LAYER 2: PREVENTION │
│ UFW Firewall + iptables + 45+ Banned IPs │
├─────────────────────────────────────────────────────────────┤
│ LAYER 3: HARDENING │
│ SSH (key-only, 3 retries) + Kernel (sysctl) + Auto-updates │
├─────────────────────────────────────────────────────────────┤
│ LAYER 4: MONITORING │
│ Verbose logging + Security banner + Audit trails │
└─────────────────────────────────────────────────────────────┘
Terminal window
# Overall security status
fail2ban-client status # List all jails
ufw status verbose # Firewall rules
tail -20 /var/log/fail2ban.log # Recent activity
# Current threat level
fail2ban-client status sshd | grep "Currently banned"
JailProtectionBan TimeMax Retry
sshdSSH brute force1 week2
recidiveRepeat offenders30 days2
nginx-http-authHTTP auth attacks1 day3
nginx-botsearchBot scanning1 week2
nginx-req-limitRequest flooding1 day5
PortServiceAccess
22SSHRate-limited
80/443HTTP/HTTPSOpen
3004GrafanaOpen
3005ThriveSendOpen
8001/8003Backend APIsOpen
Terminal window
# 1. Check current attacks
tail -f /var/log/fail2ban.log | grep --color "Ban\|Found"
# 2. Manually ban aggressive IP
fail2ban-client set sshd banip <IP_ADDRESS>
# 3. Permanent UFW ban for persistent attackers
ufw insert 1 deny from <IP_ADDRESS> comment "Permanent ban - reason"
# 4. Check banned count
fail2ban-client status sshd | grep banned
  • Primary: Nhlanhla Mnyandu (nhlanhla@isutech.co.za)
  • Server: Hetzner Production (46.224.40.5)
  • Incident Log: /var/log/security-incidents.log

Hardened: 2026-02-09 | Maintained by iSu Technologies Security Team