Check list security for feminist servers
From Anarchaserver
Revision as of 14:57, 3 October 2020 by Spideralex
Checklist for security on a feminist server:
- Activate unattended upgrades
- ufw / allow the new SSH port
- SSH server:
- Allow SSH only with a key, no password (PasswordAuthentication no)
- Change the port / remember to add a ufw rule allowing the new SSH port
- Disallow login as root (PermitRootLogin no)
- Activate fail2ban / configure the new SSH port
- Activate things like chkrootkit, rkhunter, etckeeper
- Allow only TLSv1.2 (no 1.0 or 1.1)
- For each installed software or service, check file permissions and allow only the minimum needed
- External services:
If installing mysql, mongodb, ldap etc., check that it only uses localhost.
- Apache:
Include security headers and CSP in the vhost configuration. Install and configure some software on the host: apache2, LXC
- Notifications: Configure a daily mail report sent to sysadmins
- Logging: Logwatch + Configure what to log and what not
- Security for containers depending on the service
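
One way to verify the SSH items and the localhost-only item of this checklist on a host, as an added example that is not part of the original wiki page. The function names, port 2222 and both sample inputs are constructed; 3306, 27017 and 389 are the default ports of mysql, mongodb and ldap. Assumptions: only the global section before the first Match block is read, and Include files are not followed.

```shell
#!/bin/sh
# Added example: audits two checklist items. Sample values are constructed.

# Reads sshd_config text (or `sshd -T` output) on stdin. Prints one FAIL line
# per unmet item; exit status is the number of unmet items.
audit_sshd() {
    awk -F'[ \t=]+' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        { sub(/^[ \t]+/, ""); key = tolower($1); val = tolower($2) }
        key == "match" { exit }                # audit the global section only
        key == "port"  { ports[val] = 1; have_port = 1; next }
        !(key in seen) { seen[key] = val }     # sshd uses the first value it reads
        END {
            # OpenSSH defaults apply when a keyword is absent
            pw   = ("passwordauthentication" in seen) ? seen["passwordauthentication"] : "yes"
            root = ("permitrootlogin" in seen) ? seen["permitrootlogin"] : "prohibit-password"
            if (pw != "no")   { print "FAIL PasswordAuthentication=" pw; fails++ }
            if (root != "no") { print "FAIL PermitRootLogin=" root; fails++ }
            if (!have_port || ("22" in ports)) { print "FAIL Port=22"; fails++ }
            exit fails + 0
        }'
}

# Reads `ss -H -tln` output on stdin; prints listeners on the given ports
# (space-separated list in $1) that are bound to something other than loopback.
exposed_listeners() {
    awk -v want="$1" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        {
            addr = $4                          # Local Address:Port column
            port = addr; sub(/.*:/, "", port)
            host = addr; sub(/:[^:]*$/, "", host)
            if ((port in watch) && host !~ /^(127\.|\[::1\]$)/) print addr
        }'
}

# Constructed sample inputs (not taken from a real host)
SAMPLE_SSHD='Port 2222
PasswordAuthentication no
PermitRootLogin prohibit-password'
SAMPLE_SS='LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:27017 0.0.0.0:*
LISTEN 0 128 [::1]:389 [::]:*'
printf '%s\n' "$SAMPLE_SSHD" | audit_sshd || echo "sshd: $? item(s) unmet"
printf '%s\n' "$SAMPLE_SS" | exposed_listeners "3306 27017 389"
```

On a real host, feed the functions `sshd -T` (run as root) and `ss -H -tln` instead of the samples, so that the effective configuration is audited rather than one file.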