Check list security for feminist servers

From Anarchaserver
Revision as of 14:57, 3 October 2020 by Spideralex

Checklist for security on a feminist server:

  • Activate unattended upgrades
  • ufw: allow the new SSH port
  • SSH server:
      • Allow SSH only with a key, no password (PasswordAuthentication no)
      • Change the port (remember to add a ufw rule allowing the new SSH port)
      • Disallow login as root (PermitRootLogin no)
  • Activate fail2ban and configure it for the new SSH port
  • Activate things like chkrootkit, rkhunter, etckeeper
  • Allow only TLSv1.2 (no 1.0 or 1.1)
  • For each software or service installed, check file permissions and allow only the minimum needed
  • External services:

If installing mysql, mongodb, ldap etc., check that it listens only on localhost.

  • Apache:

Include security headers and a CSP in the vhost configuration. Install and configure some software on the host: apache2, LXC.

  • Notifications: Configure a daily mail report sent to sysadmins
  • Logging: Logwatch
   What to log and what not to log
  • Security for containers depending on the service
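
One way to verify the SSH server items of this checklist on an existing host, as an added example that is not part of the original wiki page. The function names `values` and `audit_sshd` and the sample file are constructed for illustration; the script assumes OpenSSH defaults, reads only the global section of the file (before any Match block) and does not follow Include files.

```sh
#!/bin/sh
# Added example: audit an sshd_config against the SSH items of the checklist.
# Assumptions: OpenSSH defaults; no Include files; global section only.

# values KEYWORD DEFAULT MODE < config
#   MODE=first: sshd keeps the first value it obtains for a keyword.
#   MODE=all:   Port may be repeated and sshd listens on every port listed.
values() {
    awk -v key="$1" -v def="$2" -v mode="$3" '
        /^[ \t]*#/ || NF == 0  { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }   # end of the global section
        tolower($1) == tolower(key) {     # keywords are case-insensitive
            print tolower($2); found = 1
            if (mode == "first") exit
        }
        END { if (!found) print def }     # keyword absent: built-in default
    '
}

# audit_sshd FILE: prints one line per check, returns 1 if any check fails.
audit_sshd() {
    rc=0
    pw=$(values PasswordAuthentication yes first < "$1")
    root=$(values PermitRootLogin prohibit-password first < "$1")
    ports=$(values Port 22 all < "$1" | tr '\n' ' ')
    if [ "$pw" = no ]; then echo "OK   PasswordAuthentication no"
    else echo "FAIL PasswordAuthentication $pw"; rc=1; fi
    if [ "$root" = no ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin $root"; rc=1; fi
    case " $ports" in
        *" 22 "*) echo "FAIL Port ${ports}(default port 22 still in use)"; rc=1 ;;
        *)        echo "OK   Port $ports" ;;
    esac
    return "$rc"
}

# Constructed sample: the hardening line appended at the end has no effect,
# because an earlier line already set PasswordAuthentication.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
PasswordAuthentication yes
PermitRootLogin no
# hardening added at the end of the file
passwordauthentication no
EOF
audit_sshd "$sample" || echo "sshd_config does not meet the checklist"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration, including Include files, and can be used to confirm the result.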