Server Hardening
Jump to navigation
Jump to search
Some tips to limit surface attack, and other things to help mitigate obvious script kiddy crap.
Note: This is a placeholder, we should run through the reference doc below and cherry-pick a couple of things.
General
Linux
= Comfy setup
- Don't bload APT
echo 'APT::Install-Recommends "false";' > /etc/apt/apt.conf.d/80norecommends
FreeBSD
References
- https://www.debian.org/doc/manuals/securing-debian-howto/
- https://github.com/trimstray/the-practical-linux-hardening-guide
- https://fleximus.org/howto/secure-freebsd
- http://bsdadventures.com/harden-freebsd
- https://www.freebsd.org/doc/handbook/audit.html
- https://www.passbolt.com/
- find a way to track/analyze log files more effectively
- https://heipei.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/
- 2FA for ssh?
- https://serverfault.com/questions/116177/whats-the-difference-between-authorized-keys-and-authorized-keys2
- tinc for accessing delicate services/resources