Lockdown is a set of scripts, lists and configuration files used to quickly implement granular intelligent automated firewall security at the host level using iptables, ipset and fail2ban.
Lockdown maintains lists of known malicious IPs, emerging threat networks and country-IP assignments to automatically block bad traffic and allow the good.
Out of the box, Lockdown also helps monitor Apache, Nginx, Mod Security and SSH logs to automatically ban suspicious IPs. Many other services are also supported.
The Internet is a dangerous place, most servers face hundreds or thousands of automated attacks per day. At best they consume valuable server resources better used for pleasing your visitors. Worse yet, your data could be stolen, destroyed or altered.
Lockdown helps drastically reduce the attack surface of your systems. This means you have much less noise obscuring signals from more sophisticated attackers and legitimate traffic.
Lockdown is designed to be used in automated configurations using Nginx such as Docker or AWS services such as Elastic Container Service or Elastic Beanstalk and is also well-suited to, and in use on, dedicated servers running cPanel and LAMP stacks.
It is particularly effective out of the box against brute force and DDOS attacks on web application servers.
$ git clone https://github.com/boldleadsdevelopment/lockdown
$ cd lockdown
$ sudo ./ld-install