Difference between revisions of "Server Hardening"
(→Linux) |
|||
(One intermediate revision by the same user not shown) | |||
Line 7: | Line 7: | ||
== Linux == | == Linux == | ||
− | + | === Comfy setup == | |
+ | * Don't bload APT | ||
+ | echo 'APT::Install-Recommends "false";' > /etc/apt/apt.conf.d/80norecommends | ||
== FreeBSD == | == FreeBSD == | ||
Line 17: | Line 19: | ||
* http://bsdadventures.com/harden-freebsd | * http://bsdadventures.com/harden-freebsd | ||
* https://www.freebsd.org/doc/handbook/audit.html | * https://www.freebsd.org/doc/handbook/audit.html | ||
+ | * https://www.passbolt.com/ | ||
+ | * find a way to track/analyze log files more effectively | ||
+ | * https://heipei.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/ | ||
+ | * 2FA for ssh? | ||
+ | * https://serverfault.com/questions/116177/whats-the-difference-between-authorized-keys-and-authorized-keys2 | ||
+ | * tinc for accessing delicate services/resources | ||
[[Category: System]] | [[Category: System]] |
Latest revision as of 18:20, 16 December 2019
Some tips to limit surface attack, and other things to help mitigate obvious script kiddy crap.
Note: This is a placeholder, we should run through the reference doc below and cherry-pick a couple of things.
Contents
General
Linux
= Comfy setup
- Don't bload APT
echo 'APT::Install-Recommends "false";' > /etc/apt/apt.conf.d/80norecommends
FreeBSD
References
- https://www.debian.org/doc/manuals/securing-debian-howto/
- https://github.com/trimstray/the-practical-linux-hardening-guide
- https://fleximus.org/howto/secure-freebsd
- http://bsdadventures.com/harden-freebsd
- https://www.freebsd.org/doc/handbook/audit.html
- https://www.passbolt.com/
- find a way to track/analyze log files more effectively
- https://heipei.io/2015/02/26/SSH-Agent-Forwarding-considered-harmful/
- 2FA for ssh?
- https://serverfault.com/questions/116177/whats-the-difference-between-authorized-keys-and-authorized-keys2
- tinc for accessing delicate services/resources