Difference between revisions of "Check list security for feminist servers"
From Anarchaserver
Spideralex (talk | contribs) (Created page with "Checklist for security on a feminist server: Active unattended upgrades ufw / allow new port ssh SSH server: * Allow ssh only with key, no password PasswordAuthentication no...")
Spideralex (talk | contribs)
Revision as of 14:53, 3 October 2020
Checklist for security on a feminist server:
Activate unattended upgrades
ufw / allow the new SSH port
SSH server:
Allow SSH only with a key, no password (PasswordAuthentication no)
Change the port / remember to add a ufw allow rule for the new SSH port
Disallow login as root (PermitRootLogin no)
Activate fail2ban / configure the new SSH port
Things like chkrootkit, rkhunter, etckeeper
Allow only TLSv1.2 (no 1.0 or 1.1)
For each software or service installed, check file permissions and allow the minimum needed
External services
If installing MySQL, MongoDB, LDAP, etc., check that it only uses localhost.
Apache
Include security headers and CSP in the vhost configuration
Install and configure some software on the host: apache2, LXC
Notifications
Configure a daily mail report sent to sysadmins
Logging
Logwatch
What to log and what not
Security for containers depending on the service
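
One way to verify the SSH server items of the checklist, as an added example that is not part of the original wiki page: a shell audit of an sshd_config file for PasswordAuthentication, PermitRootLogin and Port. The function names, the sample file and port 2222 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config file against the checklist's SSH items.

# Print the effective global value of an sshd keyword.
# sshd keeps the FIRST occurrence of a keyword, keywords are case-insensitive,
# and lines after a "Match" line are conditional, so parsing stops there.
# Simplification: "Include" files are not followed.
# $1 = file, $2 = keyword, $3 = value sshd applies when the keyword is absent
sshd_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Report each failed item; the return status is the number of failures.
audit_sshd() {
    fails=0
    pw=$(sshd_value "$1" PasswordAuthentication yes)
    root=$(sshd_value "$1" PermitRootLogin prohibit-password)
    port=$(sshd_value "$1" Port 22)
    [ "$pw" = no ]    || { echo "FAIL: PasswordAuthentication is $pw"; fails=$((fails + 1)); }
    [ "$root" = no ]  || { echo "FAIL: PermitRootLogin is $root"; fails=$((fails + 1)); }
    [ "$port" != 22 ] || { echo "FAIL: Port is still 22"; fails=$((fails + 1)); }
    echo "SSH port: $port (ufw and fail2ban must use the same port)"
    return "$fails"
}

# Constructed sample, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
passwordauthentication no
PasswordAuthentication yes   # ignored: the first occurrence wins
Match User backup
    PermitRootLogin no       # conditional only, so the global default applies
EOF
audit_sshd "$sample" || echo "failed items: $?"
```

On a running host, `sshd -T` prints the effective configuration, including Include files, and is the authoritative check.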