On Tue, Jun 27, 2017 at 7:37 PM, Truth Hacker via talk <[email protected]> wrote: > Hi All, > > I am starting to go down the road to harden a Linux server, I am using > the Ubuntu server image as my starting point. > > I searched a few articles and compiled a list of things to do, so far > the stuff is a bit dated. So I was wondering if anyone has stuff ideas > to help me harden my system which I plan to use to host my website > using a VPS host. > > So far I've got step for the following: > > SSH / No root login, public key login > Using DenyHost to reduce brute force password hacking > Block port scanning > Disable PING response > Closing unused ports > > Q: What service should I consider disabling from starting automatically. > > Q: What program should I remove like (telnet) from my system. > > I am reading up on iptable and also know about ufw, but not sure how > to setup a good firewall, like what to block and not. > > Any other ideas or checklist would be appreciated.
I use to follow the [My First 10 Minutes On A Server][0], but found it too annoying to follow a "checklist" so I converted it to [an Ansible playbook][1]. I now use dev-sec's [Hardening Framework][2] as it does everything I want. I find this stuff extremely boring so automating the work is a big +1 for me. For firewall, I use UFW as it's while documented and easy to use. [0]: https://www.codelitt.com/blog/my-first-10-minutes-on-a-server-primer-for-securing-ubuntu/ [1]: https://github.com/myles/2016-10-11-ansible/tree/master/1-getting-started/examples/01-first-ten-minutes [2]: http://dev-sec.io/ --- Talk Mailing List [email protected] https://gtalug.org/mailman/listinfo/talk
