Difference between revisions of "Check list security for feminist servers"
From Anarchaserver
Spideralex (talk | contribs) |
Revision as of 14:57, 3 October 2020
Checklist for security on a feminist server:
- Activate unattended upgrades
- ufw: allow the new SSH port
- SSH server:
  - Allow SSH login only with a key, no password (PasswordAuthentication no)
  - Change the port; remember to add a ufw rule allowing the new SSH port
  - Disallow login as root (PermitRootLogin no)
- Activate fail2ban and configure it for the new SSH port
- Activate things like chkrootkit, rkhunter, etckeeper
- Allow only TLSv1.2 (no 1.0 or 1.1)
- For each software or service installed, check file permissions and allow the minimum needed
- External services:
  - If installing mysql, mongodb, ldap etc., check that it only uses localhost
- Apache:
  - Include security headers and CSP in the vhost configuration
- Install and configure some software on the host: apache2, LXC
- Notifications: Configure a daily mail report sent to sysadmins
- Logging: Logwatch + configure what to log and what not to
- Security for containers depending on the service
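
One way to verify the three SSH server items above on a host. This is an added example, not part of the original checklist; the function names `sshd_value` and `audit_sshd` and the sample config are constructed for illustration. It reads only the global section of a single file and does not follow Include directives or evaluate Match blocks.

```shell
#!/usr/bin/env bash
# Added example: audit an sshd_config against the checklist's SSH items.
# Limits: whitespace-separated "Keyword value" lines only, first Port line only.

# Print the effective global value of a keyword, or the given default.
# In sshd_config the first occurrence wins and keywords are case-insensitive.
sshd_value() {
    local file="$1" key="$2" default="$3"
    awk -v key="$key" -v def="$default" '
        /^[ \t]*#/ { next }                         # skip comment lines
        tolower($1) == "match" { exit }             # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }               # unset: OpenSSH default
    ' "$file"
}

# Return 0 if all three checklist items hold, 1 if any fails, 2 if unreadable.
audit_sshd() {
    local file="$1" failures=0 port
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    if [ "$(sshd_value "$file" PasswordAuthentication yes)" != "no" ]; then
        echo "FAIL: PasswordAuthentication is not 'no'"; failures=$((failures + 1))
    fi
    if [ "$(sshd_value "$file" PermitRootLogin prohibit-password)" != "no" ]; then
        echo "FAIL: PermitRootLogin is not 'no'"; failures=$((failures + 1))
    fi
    port=$(sshd_value "$file" Port 22)
    if [ "$port" = "22" ]; then
        echo "FAIL: Port is still the default 22"; failures=$((failures + 1))
    else
        echo "INFO: sshd on port $port; ufw and fail2ban must reference it"
    fi
    [ "$failures" -eq 0 ]
}

# Constructed sample config (not from the page) exercising the checks.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 2222' 'PasswordAuthentication no' \
    'permitrootlogin no' 'Match User backup' '    PasswordAuthentication yes' > "$sample"
audit_sshd "$sample" && echo "PASS: SSH checklist items satisfied"
rm -f "$sample"
```

On a real host, point `audit_sshd` at `/etc/ssh/sshd_config`; a commented-out `#PasswordAuthentication no` counts as unset, so the OpenSSH default applies and the check fails.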