On 27/06/17 07:37 PM, Truth Hacker via talk wrote:
> Hi All,
>
> I am starting to go down the road to harden a Linux server, I am using
> the Ubuntu server image as my starting point.
>
> I searched a few articles and compiled a list of things to do, so far
> the stuff is a bit dated. So I was wondering if anyone has stuff ideas
> to help me harden my system which I plan to use to host my website
> using a VPS host.
>
> So far I've got steps for the following:
>
> SSH / No root login, public key login
>
I don't disable root login, I actually use it frequently. But I disable PasswordAuthentication (occasionally, on some servers, whitelisting some users who are allowed to use PasswordAuthentication using 'Match user'). I certainly disable PasswordAuthentication for root, but I allow root login with a keypair.

fail2ban, as others have mentioned, I always enable too. Though it's nice to whitelist some of your own IPs if they're steady, as a few times a year otherwise I found legit users getting themselves banned (using a different computer, or forgetting a password, and thinking keys were set up when they weren't, typo in the username, etc.). Whitelisting the office IP address has stopped my co-workers from tripping fail2ban :)
---
Talk Mailing List
[email protected]
https://gtalug.org/mailman/listinfo/talk
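The setup described in the reply above (password authentication off globally, root allowed with a key pair only, one named account excepted through a Match block, and fail2ban with a whitelist so office users never get banned), as an added example that is not part of the thread. It writes both files into a staging directory so it runs without root, then audits them with the same first-occurrence rule sshd applies: the first value of a keyword wins, and anything after the first `Match` line is conditional. The `deploy` user, the office address 203.0.113.10 and the staging paths are constructed placeholders; on recent Ubuntu the sshd fragment belongs in `/etc/ssh/sshd_config.d/`, on older releases in `sshd_config` itself (with the Match block at the end).

```shell
#!/bin/sh
# Added example, not from the mailing-list post: write the sshd settings and
# fail2ban jail described above into a staging directory, then audit them.
# "deploy", 203.0.113.10 and the staging paths are constructed placeholders.
set -eu

# sshd fragment: keys for everyone, root allowed with a key only, and one
# named user permitted to use a password via a Match block.
write_sshd_config() {   # $1 = output path, $2 = user allowed password auth
    cat > "$1" <<EOF
# Global policy: public-key login only.
PubkeyAuthentication yes
PasswordAuthentication no
# Also close the PAM keyboard-interactive path, or passwords still work.
ChallengeResponseAuthentication no
# Root may log in, but never with a password ("without-password" on old sshd).
PermitRootLogin prohibit-password
# Exception for one account; Match blocks must come last in the file.
Match User $2
    PasswordAuthentication yes
EOF
}

# fail2ban jail.local: sshd jail enabled, listed addresses never banned.
write_jail_local() {    # $1 = output path, $2.. = addresses never to ban
    out="$1"; shift
    cat > "$out" <<EOF
[DEFAULT]
# Loopback plus the steady office address(es) are exempt from banning.
ignoreip = 127.0.0.1/8 ::1 $*
bantime  = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true
EOF
}

# Effective global value of an sshd keyword: first occurrence wins, and
# everything after the first "Match" line only applies conditionally.
sshd_global() {         # $1 = config path, $2 = keyword
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Audit: passwords must be off globally and root must be key-only.
check_sshd_config() {   # $1 = config path
    [ "$(sshd_global "$1" PasswordAuthentication)" = "no" ] || return 1
    case "$(sshd_global "$1" PermitRootLogin)" in
        prohibit-password|without-password|no) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit: the given address must appear in fail2ban's ignoreip list.
check_whitelisted() {   # $1 = jail.local path, $2 = address
    awk -v ip="$2" '
        tolower($1) == "ignoreip" { for (i = 3; i <= NF; i++) if ($i == ip) found = 1 }
        END { exit !found }
    ' "$1"
}

# Demo: stage both files in a temporary directory and audit them.
stage=$(mktemp -d)
write_sshd_config "$stage/10-hardening.conf" deploy
write_jail_local "$stage/jail.local" 203.0.113.10
check_sshd_config "$stage/10-hardening.conf" && echo "sshd config: OK"
check_whitelisted "$stage/jail.local" 203.0.113.10 && echo "fail2ban whitelist: OK"
```

Before installing the staged fragment for real, run `sshd -t` against it and keep an existing session open until a fresh key login succeeds; the audit only checks the two settings the post relies on, not that your key is actually in root's `authorized_keys`.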
