
On 27/06/17 07:37 PM, Truth Hacker via talk wrote:
> Hi All,
> I am starting to go down the road to harden a Linux server, I am using the Ubuntu server image as my starting point.
> I searched a few articles and compiled a list of things to do, so far the stuff is a bit dated. So I was wondering if anyone has any ideas to help me harden my system which I plan to use to host my website using a VPS host.
> So far I've got steps for the following:
> SSH / No root login, public key login
I don't disable root login, I actually use it frequently. But I disable PasswordAuthentication (occasionally, on some servers, whitelisting some users who are allowed to use PasswordAuthentication using 'Match User'). I certainly disable PasswordAuthentication for root, but I allow root login with a keypair. fail2ban, as others have mentioned, I always enable too. Though it's nice to whitelist some of your own IPs if they're steady, as otherwise a few times a year I found legit users getting themselves banned (using a different computer, or forgetting a password and thinking keys were set up when they weren't, a typo in the username, etc.). Whitelisting the office IP address has stopped my co-workers from tripping fail2ban :)
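A worked example of the policy described above, added here and not the poster's own configuration files: a small POSIX shell script that writes an sshd drop-in (keys only, root permitted with a key but never a password, a Match User block re-enabling passwords for one named account) and a fail2ban jail.local whose ignoreip whitelists the office address. The user name "alice" and the address 203.0.113.10 are hypothetical placeholders. The drop-in directory /etc/ssh/sshd_config.d exists on OpenSSH 8.2 and later (Ubuntu 20.04+); on older releases the same lines go at the end of /etc/ssh/sshd_config itself, with the Match block last.

```shell
#!/bin/sh
# Added example, not taken from the original post or from any project.
# Assumptions (hypothetical): "alice" is the one account still allowed to
# log in with a password; 203.0.113.10 stands in for the office IP.

# Write the sshd drop-in into the directory given as $1
# (normally /etc/ssh/sshd_config.d).
write_sshd_dropin() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/10-hardening.conf" <<'EOF'
# Global defaults: public keys only. Root may log in, but only with a key.
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
# On Ubuntu, PAM's keyboard-interactive path can still accept a password
# unless this is also turned off.
ChallengeResponseAuthentication no

# Match blocks must come last: every directive after a Match line belongs
# to that block until the next Match. Passwords are re-enabled only for
# the listed user (hypothetical name).
Match User alice
    PasswordAuthentication yes
EOF
}

# Write a fail2ban jail.local into the directory given as $1
# (normally /etc/fail2ban).
write_fail2ban_jail() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/jail.local" <<'EOF'
[DEFAULT]
# Never ban loopback or the office address (hypothetical 203.0.113.10),
# so a colleague with a typo'd username or a missing key is not locked out.
ignoreip = 127.0.0.1/8 ::1 203.0.113.10
bantime  = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true
EOF
}

# Sanity check on a drop-in: the global "PasswordAuthentication no" must
# appear before any Match line. A directive placed after a Match line is
# silently scoped to that block instead of applying globally.
check_sshd_dropin() {
    awk '
        /^[[:space:]]*Match[[:space:]]/ { inmatch = 1 }
        !inmatch && /^[[:space:]]*PasswordAuthentication[[:space:]]+no/ { ok = 1 }
        END { exit ok ? 0 : 1 }
    ' "$1"
}
```

On a real host, run `write_sshd_dropin /etc/ssh/sshd_config.d` and `write_fail2ban_jail /etc/fail2ban` as root, then `sshd -t` to let sshd parse the merged configuration and `sshd -T -C user=alice | grep -i passwordauthentication` (and the same with `user=root`) to confirm the effective per-user result before restarting the service. Keep the current session open until a fresh key login succeeds.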