From Run Your Own
Some tips to limit surface attack, and other things to help mitigate obvious script kiddy crap.
Note: This is a placeholder, we should run through the reference doc below and cherry-pick a couple of things.
= Comfy setup
- Don't bload APT
echo 'APT::Install-Recommends "false";' > /etc/apt/apt.conf.d/80norecommends
- find a way to track/analyze log files more effectively
- 2FA for ssh?
- tinc for accessing delicate services/resources