Check list security for feminist servers

From Anarchaserver

Checklist for security on a feminist server:

Active unattended upgrades ufw / allow new port ssh SSH server:

  • Allow ssh only with key, no password PasswordAuthentication no
  • Change the port / remember add ufw allow new port ssh
  • Disallow login with root ( PermitRootLogin no)

Activate fail2ban. /configura new port ssh things like chkrootkit rkhunter etckeeper Allow only TLSv 1.2 (no 1.0 y 1.1) For software or service installed check file permissions and allow minimal needed External services

  • If installing mysql, mongodb, ldap etc check that only uses localhost.

Apache Include Security header and CSP in vhost configuration Install and configure some softwares on the host : apache2 LXC Notifications

  • Configure an everyday mail report sent to sysadmins

Logging

  • Logwatch
  • What to log and what not

Security for containers depending on the service