On Tue, Jun 27, 2017 at 07:37:29PM -0400, Truth Hacker via talk wrote: > I am starting to go down the road to harden a Linux server, I am using > the Ubuntu server image as my starting point. > > I searched a few articles and compiled a list of things to do, so far > the stuff is a bit dated. So I was wondering if anyone has stuff ideas > to help me harden my system which I plan to use to host my website > using a VPS host. > > So far I've got step for the following: > > SSH / No root login, public key login
I must be awful. I don't do that. > Using DenyHost to reduce brute force password hacking Is that anything like fail2ban? > Block port scanning > Disable PING response Why? > Closing unused ports Well any proper firewall would block everything except what is explicitly allowed in, which should take care of that. > Q: What service should I consider disabling from starting automatically. Anything you are not using. > Q: What program should I remove like (telnet) from my system. telnet is fine. telnetd on the other hand shouldn't be installed by default on any distribution made this millenium. > I am reading up on iptable and also know about ufw, but not sure how > to setup a good firewall, like what to block and not. I personally like using shorewall to manage iptables. > Any other ideas or checklist would be appreciated. -- Len Sorensen --- Talk Mailing List [email protected] https://gtalug.org/mailman/listinfo/talk
