Difference between revisions of "Check list security for feminist servers"

From Anarchaserver

Revision as of 14:57, 3 October 2020

Checklist for security on a feminist server:

  • Activate unattended upgrades
  • ufw: allow the new SSH port
  • SSH server:
    • Allow SSH only with a key, no password (PasswordAuthentication no)
    • Change the port; remember to add a ufw allow rule for the new SSH port
    • Disallow login as root (PermitRootLogin no)
  • Activate fail2ban and configure it for the new SSH port
  • Activate things like chkrootkit, rkhunter, etckeeper
  • Allow only TLSv1.2 (no 1.0 or 1.1)
  • For each installed software or service, check file permissions and allow only the minimum needed
  • External services: if installing mysql, mongodb, ldap etc., check that it only uses localhost
  • Apache:
    • Include security headers and CSP in the vhost configuration
    • Install and configure some software on the host: apache2, LXC
  • Notifications: configure a daily mail report sent to sysadmins
  • Logging: Logwatch
    • What to log and what not
  • Security for containers depending on the service
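
The SSH items above depend on each other: once the port changes, ufw and fail2ban both have to follow it. The following audit script is an added example, not part of the original checklist; the sample file contents and port 2222 are constructed assumptions.

```python
import configparser

# Constructed sample inputs, not taken from the page; 2222 is an arbitrary port.
SSHD_CONFIG = """\
# constructed sample of /etc/ssh/sshd_config
Port 2222
PermitRootLogin no
PasswordAuthentication no
"""
JAIL_LOCAL = "[sshd]\nenabled = true\nport = 2222\n"           # fail2ban jail.local
UFW_STATUS = "2222/tcp                   ALLOW       Anywhere\n"  # `ufw status` line

# OpenSSH defaults that apply when a keyword is absent from the file.
SSHD_DEFAULTS = {"port": "22", "permitrootlogin": "prohibit-password",
                 "passwordauthentication": "yes"}

def parse_sshd(text):
    """Global section only: keywords are case-insensitive, first value wins."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break  # per-user/host Match blocks are out of scope here
        conf.setdefault(parts[0].lower(), parts[1].strip().lower())
    return {**SSHD_DEFAULTS, **conf}

def audit(sshd_text, jail_text, ufw_status):
    """Return a list of findings; an empty list means these items hold."""
    ssh = parse_sshd(sshd_text)
    port, findings = ssh["port"], []
    if ssh["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if ssh["permitrootlogin"] != "no":
        findings.append("PermitRootLogin is not 'no'")
    if port == "22":
        findings.append("SSH still listens on the default port 22")
    jail = configparser.RawConfigParser()  # raw: fail2ban files use %(...)s
    jail.read_string(jail_text)
    # fail2ban's stock value is the service name "ssh", i.e. port 22
    watched = jail.get("sshd", "port", fallback="ssh").replace("ssh", "22")
    if port not in [p.strip() for p in watched.split(",")]:
        findings.append(f"fail2ban [sshd] jail does not watch port {port}")
    rules = [line.split() for line in ufw_status.splitlines()]
    allowed = {r[0] for r in rules if "ALLOW" in r[1:]}
    if not {port, f"{port}/tcp"} & allowed:
        findings.append(f"ufw has no ALLOW rule for port {port}")
    return findings

if __name__ == "__main__":
    print(audit(SSHD_CONFIG, JAIL_LOCAL, UFW_STATUS) or "all checks passed")
```

On a real host, pass in the contents of `/etc/ssh/sshd_config`, the fail2ban jail file and the output of `ufw status` in place of the constructed samples.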