On Tue, Jun 27, 2017 at 07:37:29PM -0400, Truth Hacker via talk wrote:
I am starting to go down the road to harden a Linux server, I am using the Ubuntu server image as my starting point.
I searched a few articles and compiled a list of things to do, so far the stuff is a bit dated. So I was wondering if anyone has stuff ideas to help me harden my system which I plan to use to host my website using a VPS host.
So far I've got step for the following:
SSH / No root login, public key login
I must be awful. I don't do that.
Using DenyHost to reduce brute force password hacking
Is that anything like fail2ban?
Block port scanning Disable PING response
Why?
Closing unused ports
Well any proper firewall would block everything except what is explicitly allowed in, which should take care of that.
Q: What service should I consider disabling from starting automatically.
Anything you are not using.
Q: What program should I remove like (telnet) from my system.
telnet is fine. telnetd on the other hand shouldn't be installed by default on any distribution made this millenium.
I am reading up on iptable and also know about ufw, but not sure how to setup a good firewall, like what to block and not.
I personally like using shorewall to manage iptables.
Any other ideas or checklist would be appreciated.
-- Len Sorensen