Check list security for feminist servers

From Anarchaserver
Revision as of 18:31, 28 March 2020 by Spideralex

Checklist for security on a feminist server:

Activate unattended upgrades

ufw / allow the new SSH port

SSH server:

  • Allow SSH only with a key, no password (PasswordAuthentication no)
  • Change the port / remember to add a ufw rule allowing the new SSH port
  • Disallow login as root (PermitRootLogin no)

Activate fail2ban / configure the new SSH port

Things like chkrootkit, rkhunter, etckeeper

Allow only TLSv1.2 (no 1.0 or 1.1)

For each software or service installed, check file permissions and allow the minimum needed

External services

  • If installing mysql, mongodb, ldap etc., check that it only uses localhost.

Apache

  • Include security headers and CSP in the vhost configuration

Install and configure some software on the host: apache2, LXC

Notifications

  • Configure a daily mail report sent to sysadmins

Logging

  • Logwatch
  • What to log and what not

Security for containers depending on the service
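
An added example, not part of the original wiki page: a small shell audit of the three SSH server items in the checklist above. The function names and the two sample configurations are constructed for illustration; the script does not follow Include lines, so on a live host compare its result with the effective configuration printed by `sshd -T`.

```shell
#!/bin/sh
# sshd uses the FIRST value it reads for most keywords, keywords are
# case-insensitive, and lines after a "Match" line apply only conditionally,
# so a plain grep for "PasswordAuthentication no" can report a false pass.

# Print every global (pre-Match) value of keyword $1 in file $2, in order.
sshd_values() {
    awk -v key="$1" '
        { sub(/#.*/, "") }                  # drop comments
        tolower($1) == "match" { exit }     # stop at the first Match block
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$2"
}

# First value wins; fall back to the default $3 if the keyword is unset.
sshd_first() {
    v=$(sshd_values "$1" "$2" | head -n 1)
    echo "${v:-$3}"
}

# Print one line per failed checklist item; return non-zero on any failure.
audit_sshd() {
    fail=0
    [ "$(sshd_first PasswordAuthentication "$1" yes)" = no ] ||
        { echo "FAIL: password login still allowed"; fail=1; }
    [ "$(sshd_first PermitRootLogin "$1" prohibit-password)" = no ] ||
        { echo "FAIL: root login not disabled"; fail=1; }
    # Port may be repeated, and sshd listens on every port listed.
    ports=$(sshd_values Port "$1")
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "FAIL: sshd still listens on port 22"; fail=1
    fi
    return "$fail"
}

# Constructed samples. WEAK contains every "right" line a grep would look
# for, but each one is overridden, repeated or scoped to a Match block.
WEAK=$(mktemp); HARD=$(mktemp)
printf '%s\n' 'passwordauthentication yes' 'PasswordAuthentication no' \
    'Port 2222' 'Port 22' 'Match User backup' '  PermitRootLogin no' > "$WEAK"
printf '%s\n' 'Port 2222 # moved' 'PasswordAuthentication no' \
    'PermitRootLogin no' > "$HARD"
audit_sshd "$WEAK" || echo "weak sample: not compliant"
audit_sshd "$HARD" && echo "hardened sample: compliant"
```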