Check list security for feminist servers

From Anarchaserver
Revision as of 14:53, 3 October 2020 by Spideralex

Checklist for security on a feminist server:

   Activate unattended upgrades
   ufw: allow the new SSH port
   SSH server:
      Allow SSH login only with a key, no password (PasswordAuthentication no)
      Change the port; remember to add a ufw rule allowing the new SSH port
      Disallow login as root (PermitRootLogin no)
   Activate fail2ban and configure it for the new SSH port
   Tools like chkrootkit, rkhunter, etckeeper
   Allow only TLSv1.2 (no 1.0 and 1.1)
   For each software or service installed, check file permissions and allow only the minimum needed
   External services
      If installing mysql, mongodb, ldap etc., check that it uses only localhost
   Apache
      Include Security header and CSP in the vhost configuration
   Install and configure some software on the host: apache2, LXC
   Notifications
      Configure a daily mail report sent to sysadmins
   Logging
      Logwatch
      What to log and what not
   Security for containers depending on the service
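
One way to check the three SSH server items above against a configuration file. This is an added example, not part of the original checklist; the function names, the sample file and port 2222 are constructed for illustration, and the defaults assumed are those of current OpenSSH.

```sh
#!/bin/sh
# Added example: audit the SSH items of the checklist in an sshd_config file.

# Print every global value of KEYWORD, or DEFAULT if it is not set.
# Keywords are case-insensitive; the global section ends at the first Match.
sshd_values() {  # usage: sshd_values FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        { sub(/#.*/, ""); gsub(/[="]/, " ") }   # drop comments, "=" and quotes
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1 }
        END { if (!found) print def }
    ' "$1"
}

# Print one FAIL line per unmet item; the return status is the failure count.
audit_sshd() {  # usage: audit_sshd FILE
    fails=0
    # For these two keywords sshd uses the first value it reads.
    pw=$(sshd_values "$1" PasswordAuthentication yes | head -n 1)
    root=$(sshd_values "$1" PermitRootLogin prohibit-password | head -n 1)
    [ "$pw" = no ] || { echo "FAIL: PasswordAuthentication $pw"; fails=$((fails + 1)); }
    [ "$root" = no ] || { echo "FAIL: PermitRootLogin $root"; fails=$((fails + 1)); }
    # Port may be repeated, so fail if any listed port is still 22.
    if sshd_values "$1" Port 22 | grep -qx 22; then
        echo "FAIL: sshd still listens on port 22"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: key-only logins and a moved port, but root login left on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config, port 2222 is an arbitrary example value
Port 2222
passwordauthentication no
PermitRootLogin yes
PermitRootLogin no   # ignored: the first value wins
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd "$sample" || echo "$? checklist item(s) not met"
rm -f "$sample"
```

The parser reads a single file and does not evaluate Match blocks or Include files; on a live host, `sshd -T` prints the effective configuration.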