Difference between revisions of "Server Hardening"
(Created page with "Some tips to limit surface attack, and other things to help mitigate obvious script kiddy crap. == General == == Linux == == BSD == Category: System") |
(→Linux) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Some tips to limit surface attack, and other things to help mitigate obvious script kiddy crap. | Some tips to limit surface attack, and other things to help mitigate obvious script kiddy crap. | ||
| + | |||
| + | '''Note:''' This is a placeholder, we should run through the reference doc below and cherry-pick a couple of things. | ||
== General == | == General == | ||
| Line 5: | Line 7: | ||
== Linux == | == Linux == | ||
| + | === Comfy setup == | ||
| + | * Don't bload APT | ||
| + | echo 'APT::Install-Recommends "false";' > /etc/apt/apt.conf.d/80norecommends | ||
| + | == FreeBSD == | ||
| − | == | + | == References == |
| − | + | * https://www.debian.org/doc/manuals/securing-debian-howto/ | |
| + | * https://github.com/trimstray/the-practical-linux-hardening-guide | ||
| + | * https://fleximus.org/howto/secure-freebsd | ||
| + | * http://bsdadventures.com/harden-freebsd | ||
| + | * https://www.freebsd.org/doc/handbook/audit.html | ||
| + | * https://www.passbolt.com/ | ||
| + | * find a way to track/analyze log files more effectively | ||
| + | * https://heipei.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/ | ||
| + | * 2FA for ssh? | ||
| + | * https://serverfault.com/questions/116177/whats-the-difference-between-authorized-keys-and-authorized-keys2 | ||
| + | * tinc for accessing delicate services/resources | ||
[[Category: System]] | [[Category: System]] | ||
Latest revision as of 18:20, 16 December 2019
Some tips to limit surface attack, and other things to help mitigate obvious script kiddy crap.
Note: This is a placeholder, we should run through the reference doc below and cherry-pick a couple of things.
Contents
General
Linux
= Comfy setup
- Don't bload APT
echo 'APT::Install-Recommends "false";' > /etc/apt/apt.conf.d/80norecommends
FreeBSD
References
- https://www.debian.org/doc/manuals/securing-debian-howto/
- https://github.com/trimstray/the-practical-linux-hardening-guide
- https://fleximus.org/howto/secure-freebsd
- http://bsdadventures.com/harden-freebsd
- https://www.freebsd.org/doc/handbook/audit.html
- https://www.passbolt.com/
- find a way to track/analyze log files more effectively
- https://heipei.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/
- 2FA for ssh?
- https://serverfault.com/questions/116177/whats-the-difference-between-authorized-keys-and-authorized-keys2
- tinc for accessing delicate services/resources
