
On Tue, Jun 27, 2017 at 07:53:02PM -0400, Kevin Cozens via talk wrote:
On 2017-06-27 07:37 PM, Truth Hacker via talk wrote:
I am starting to go down the road to harden a Linux server; I am using the Ubuntu server image as my starting point. [snip] Q: What service should I consider disabling from starting automatically?
Disable any service you won't need for what you are going to be doing with the machine. :)
I am reading up on iptables and also know about ufw, but not sure how to set up a good firewall, like what to block and not.
It depends on the extent to which you want to harden the machine. One way to set up a firewall is deny everything by default then open the holes for the services you need. firewalld is also a firewall-related package I've been running across lately.
Install logwatch and have it send the logs to you on a daily basis. Use fail2ban to automatically firewall any machine that fails too many times to log in via SSH.
You may also want to "chmod 711 /etc", FWIW.
How well does that work out? So regular users (and services not running as root) can't resolve DNS anymore (can't read nsswitch.conf or resolv.conf). That sounds inconvenient.
If you are really serious about hardening a machine read up on SELinux.
-- Len Sorensen
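
Added example, not part of the thread: a Python check for the "deny everything by default then open the holes for the services you need" advice, run over output in `iptables-save` format. The rule dump and the `needed` service set are constructed for illustration, and `opt` and `audit` are hypothetical helper names.

```python
import shlex

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,3306 -j ACCEPT
COMMIT
"""

def opt(tokens, name):
    """Value following option `name`, or None if the option is absent."""
    return tokens[tokens.index(name) + 1] if name in tokens else None

def audit(dump, needed):
    """Return findings for the filter table's INPUT chain.

    `needed` is the set of (proto, port) pairs the server must expose.
    """
    findings, opened, in_filter = [], set(), False
    for line in dump.splitlines():
        if line.startswith("*"):
            in_filter = line.strip() == "*filter"
        elif in_filter and line.startswith(":INPUT "):
            # Built-in chain policy: anything but DROP means default allow.
            if line.split()[1] != "DROP":
                findings.append("INPUT policy is not DROP: no default deny")
        elif in_filter and line.startswith("-A INPUT "):
            tok = shlex.split(line)
            if opt(tok, "-j") != "ACCEPT":
                continue
            ports = opt(tok, "--dport") or opt(tok, "--dports")
            if ports is None:
                # Loopback and reply traffic are the usual port-less accepts.
                if opt(tok, "-i") != "lo" and "--ctstate" not in tok:
                    findings.append("broad accept: " + line)
                continue
            opened |= {(opt(tok, "-p") or "any", p) for p in ports.split(",")}
    for proto, port in sorted(opened - needed):
        findings.append(f"open but not needed: {proto}/{port}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, needed={("tcp", "22"), ("tcp", "80")}):
        print(finding)
```

On a real host the input would be the saved output of `iptables-save`, with `needed` listing only the services the machine is meant to offer.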