Ubuntu Server 24.04.4 LTS (Intel / AMD)

Overview

This guide installs:

• Docker Engine
• Docker Compose v2
• Docker Buildx
• Automatic Docker startup at boot

Platform:

• Ubuntu Server 24.04.4 LTS
• Intel / AMD (x86_64)

---

Step 1 — Update Ubuntu

Update package lists and upgrade the system.

sudo apt update
sudo apt upgrade -y

---

Step 2 — Install Required Dependencies

Install packages required for secure repositories.

sudo apt install -y ca-certificates curl gnupg

---

Step 3 — Create Docker Keyring Directory

sudo install -m 0755 -d /etc/apt/keyrings

---

Step 4 — Add Docker Official GPG Key

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

Set proper permissions:

sudo chmod a+r /etc/apt/keyrings/docker.gpg

---

Step 5 — Add Docker Repository

echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo $VERSION_CODENAME) stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

---

Step 6 — Update Package Index

sudo apt update

---

Step 7 — Install Docker Engine and Components

Install Docker Engine and related tools:

sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Installed components include:

• docker-ce – Docker Engine
• docker-ce-cli – Docker command-line tools
• containerd – container runtime
• docker-buildx-plugin – advanced build tool
• docker-compose-plugin – Docker Compose v2

---

Step 8 — Enable Docker to Start Automatically

sudo systemctl enable docker
sudo systemctl start docker

Verify Docker service status:

systemctl status docker

Press Q to exit.

---

Step 9 — Verify Installation

Check Docker version:

docker --version

Example output:

Docker version 26.x.x

Check Docker Compose version:

docker compose version

Example output:

Docker Compose version v2.x.x

---

Step 10 — Test Docker Installation

Run a test container:

sudo docker run hello-world

Expected output:

Hello from Docker!

This confirms Docker is working properly.

---

Step 11 — (Optional) Allow Docker Without sudo

Add your user to the Docker group:

sudo usermod -aG docker $USER

Then log out and log back in or reboot the server.

Test:

docker ps

---

Example Docker Compose Test

Create a Test Directory

mkdir ~/docker-test
cd ~/docker-test

---

Create Compose File

nano docker-compose.yml

Paste the following:

services:
  nginx:
    image: nginx:latest
    ports:
      - "8080:80"

Save and exit.

---

Start Container

docker compose up -d

---

Verify Container Running

docker ps

You should see the nginx container running.

---

Open in Browser

http://SERVER-IP:8080

You should see the Nginx welcome page.

---

Stop the Container

docker compose down

---

Useful Docker Commands

List running containers

docker ps

List all containers

docker ps -a

View container logs

docker logs CONTAINER_NAME

Stop a container

docker stop CONTAINER_NAME

Remove a container

docker rm CONTAINER_NAME

---

Optional Tools (Recommended for Servers)

Common tools installed with Docker environments:

Tool	Purpose
Portainer	Web UI for Docker management
Nginx Proxy Manager	Reverse proxy + SSL
Watchtower	Automatic container updates

I want to give a huge thank you to EarthOnion for providing Vue-after-Free for the PS4. Because of this, I was able to restore the system backup on my PS4, open PS Vue, and successfully run the jailbreak exploit.

Everything worked perfectly — I truly appreciate the effort and contribution to the scene!

---

Non-Jailbroken PS4 System Backup Guide from his GitHub,

Official Repository

Full instructions and files are available here:

https://github.com/Vuemony/vue-after-free

⚠️ Important:
A network connection is required before running Vue. It does not need internet access — a local network is enough. Connect immediately after restoring the system backup.

If your network does have internet access, make sure you read the official connection instructions first.

---

Step 1 – Prepare Your USB Drive

1. Format your USB drive to exFAT.

⚠️ Warning:
Formatting will erase all data on the drive. Back up anything important first.

---

Step 2 – Download the System Backup

1. Download either:
   • VueSystemBackup.7z
   • VueLiteSystemBackup.7z

If you choose Lite Mode, the exploit will automatically launch when opening the app after the initial prompt.

2. Extract the contents of the archive onto your USB drive.
3. Plug the USB into your PS4.

---

Step 3 – Backup Your Data (Optional but Recommended)

If you have a real PSN account on the console:

• Go to:
  Settings > Application Saved Data Management > Saved Data in System Storage
• Back up your save data to the USB.
  (Make sure you have enough free space.)

If you cannot access saved data, your console likely does not have a real PSN account or is not activated. In that case, you cannot back up saves unless you jailbreak first.

Also back up captures:

• Go to:
  Settings > Storage > System Storage > Capture Gallery > All
• Back up your captures to USB.

---

Step 4 – Restore the System Backup

1. Go to:
   Settings > System > Back Up and Restore > Restore PS4
2. Select the system backup from your USB.
3. Restore it.

After reboot, you will have:

• A fake activated user account
• PS Vue installed
• Exploit data ready

---

Step 5 – Prepare the Payload

1. Place your payload (HEN or GoldHEN) on the root of your USB.
2. Rename it to:

payload.bin

After the first run, it will be loaded from /data/, so the USB will not be needed again.

---

Step 6 – Run the Exploit

1. Connect safely to any network (local is fine).
2. Open PS Vue.
3. You will see:

“This service requires you to sign in to PlayStation Network”

Press OK to continue.

4. Press the Jailbreak button to run the exploit
   OR configure:
   • Auto Loader
   • Auto Close

---

⚙️ Important for HEN Users

Before enabling Auto Close:

• Edit config.js
• Add 20 seconds to the close delay by setting:

20000

Then back up the current save file to USB via console settings.

---

Optional – Avoid PSN Pop-Up

After jailbreaking, you can run the np-fake-signin payload to avoid the PSN sign-in pop-up.

---

User Account Information

• Default User Account ID:

1111111111111111

This cannot be changed.

However, you can:

1. Create a new user.
2. Fake activate it.
3. While jailbroken, set up PS Vue under the newly activated account.
4. Resign an OnlineSave if exploit files become corrupted.

---

Document Owner: IT / Network

Scope: Linux servers running OpenSSH where Fail2Ban enforces bans and notifies n8n via webhook.

Goal: Permanently ban brute-force SSH IPs locally (bantime = -1) and send events to n8n for enrichment/alerting.

---

Table of Contents

1. Architecture
2. Prerequisites
3. SOP 1 — Install Fail2Ban
4. SOP 2 — Create n8n Webhook Action
5. SOP 3 — Configure SSH Jail (Permanent Ban + Multi-Action)
6. SOP 4 — Validate & Test
7. SOP 5 — Operations (Monitoring & Health Checks)
8. SOP 6 — Manual Unban
9. SOP 7 — Incident Recovery (Accidental Self-Ban)
10. SOP 8 — Secure the Webhook (Production Standard)
11. SOP 9 — Change Control

---

Architecture

This design keeps Fail2Ban as the local enforcement layer and uses n8n for centralized alerting/intel.

• sshd writes auth failures to /var/log/auth.log (or journald).
• Fail2Ban detects brute-force patterns and applies a local ban.
• n8n receives webhook events to enrich (IP intel), notify (Slack), and correlate across servers.

sshd logs → Fail2Ban jail → firewall ban (%(action_)s)
                         ↘︎ webhook notify → n8n workflow

---

Prerequisites

• Ubuntu/Debian server (or compatible)
• OpenSSH installed and running
• Log file exists: /var/log/auth.log
• Outbound HTTPS allowed to your n8n domain
• n8n webhook endpoint created (POST)

---

SOP 1 — Install Fail2Ban

Procedure

1. Install packages:

sudo apt update
sudo apt install -y fail2ban
sudo systemctl enable --now fail2ban

Validation

systemctl is-active fail2ban
sudo fail2ban-client ping

---

SOP 2 — Create n8n Webhook Action

Create a custom Fail2Ban action that calls n8n when an IP is banned or unbanned.

Procedure

1. Create the action definition:

sudo nano /etc/fail2ban/action.d/n8n-webhook.conf

Paste the following:

[Definition]

# NOTE:
# - actionban/actionunban are all we need for webhook notifications.
# - actionstart/actionstop/actioncheck are intentionally omitted.

actionban = curl -sS -m 8 -X POST "<n8n_url>" \
  -H "Content-Type: application/json" \
  -d '{"event":"fail2ban_ban","jail":"<name>","ip":"<ip>","fq_hostname":"<fq_hostname>","failures":"<failures>","time":"<time>","token":"<token>"}' \
  >/dev/null 2>&1 || true

actionunban = curl -sS -m 8 -X POST "<n8n_url>" \
  -H "Content-Type: application/json" \
  -d '{"event":"fail2ban_unban","jail":"<name>","ip":"<ip>","fq_hostname":"<fq_hostname>","time":"<time>","token":"<token>"}' \
  >/dev/null 2>&1 || true

[Init]
n8n_url =
token =
fq_hostname =

Notes

• Why no actionstart/stop/check? Webhooks don’t require lifecycle setup; only ban/unban events matter.
• Timeout: -m 8 prevents Fail2Ban from hanging on slow networks.
• Reliability: || true prevents webhook failures from breaking Fail2Ban operations.

---

SOP 3 — Configure SSH Jail (Permanent Ban + Multi-Action)

Procedure

1. Edit the jail configuration:

sudo nano /etc/fail2ban/jail.local

Add/replace the SSH jail:

[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
backend = auto

maxretry = 5
findtime = 600
bantime = -1

# Multi-action:
# 1) %(action_)s = default firewall ban action
# 2) n8n-webhook = notify n8n
action = %(action_)s
         n8n-webhook[n8n_url="https://YOUR_N8N_DOMAIN/webhook/fail2ban", token="YOUR_TOKEN", fq_hostname="YOURSERVER.example.com"]

Critical Token Warning

Avoid tokens containing # unless you escape it, because # can be treated as a comment delimiter.

• Good: SecureToken_ABC123
• If you must keep #: escape it like \# (example: abc\#123)

Apply

sudo systemctl restart fail2ban

---

SOP 4 — Validate & Test

Check SSH jail status

sudo fail2ban-client status sshd

Tail Fail2Ban logs

sudo tail -n 200 /var/log/fail2ban.log

Test a ban safely

• Use a separate source IP (not your admin IP)
• Attempt several failed SSH logins to trigger maxretry

Verify n8n

• Confirm the webhook executed in n8n
• Confirm payload includes event, ip, fq_hostname, and jail

---

SOP 5 — Operations (Monitoring & Health Checks)

Daily quick checks

systemctl is-active fail2ban
sudo fail2ban-client status sshd

Investigate suspicious spikes

sudo tail -n 200 /var/log/fail2ban.log
sudo grep "Ban" /var/log/fail2ban.log | tail -n 50

Expected behavior

• Fail2Ban stays active
• Banned IPs accumulate gradually
• No repeated webhook/curl failures in logs

---

SOP 6 — Manual Unban

List current bans

sudo fail2ban-client status sshd

Unban a specific IP

sudo fail2ban-client set sshd unbanip 1.2.3.4

---

SOP 7 — Incident Recovery (Accidental Self-Ban)

Recovery steps

1. Use console access (cloud console / physical / out-of-band)
2. Unban your public IP:

sudo fail2ban-client set sshd unbanip YOUR.PUBLIC.IP.ADDRESS

Optional: protect stable admin IP

If your admin IP is stable, add it to ignoreip:

[sshd]
ignoreip = 127.0.0.1/8 YOUR.PUBLIC.IP.ADDRESS

---

SOP 8 — Secure the Webhook (Production Standard)

• Validate token in n8n as the first step
• Return 401/403 on invalid token
• Rate-limit the webhook at reverse proxy (Nginx/Traefik/Cloudflare)
• Optionally restrict source IPs to only your servers

---

SOP 9 — Change Control

Backup config before changes

sudo cp -a /etc/fail2ban /etc/fail2ban.bak.$(date +%F)

After changes

sudo systemctl restart fail2ban
sudo fail2ban-client status sshd
sudo tail -n 100 /var/log/fail2ban.log

Document changes: date/time, what changed, why, and expected impact.

---

End of SOP.