Being new to Linux servers, I did not know how to secure it really, watched this tutorial on YouTube by Jay see link
This was so useful to me.
If anyone has a good tip for securing our server’s , please share…
1 Like
Generally I follow the Alpine Linux wiki. Best thing is to disable SSH password authentication, disable ssh root login if it was enabled (by default it’s disabled, but things like VPS enable it), add your key to a non-privileged user and ssh into that, and from the non-privileged user, su into a privileged one.
Other than that, there’s also the linux-hardened kernel, but it’s only applicable to Linux. As far as other things go, they are more specific, like if you run a webserver, you should restrict the /admin page unless it comes from known IPs. Stuff like that.
1 Like
I forgot that you also probably want CrowdSec and setting some iptables rules to restrict access on certain ports from IPs that try too many times to authenticate and fail.
1 Like
Thanks for the great advice …
1 Like
I use the DoD Scap tool and STIG viewer. It is the DoD standard to securing a server. Most of it automated when you run the benchmark as well. I think I have a guide on it, but will need to edit some things out. It could be tricky since it make break a thing or two. Also when doing a fresh install, you can apply the DISA RHEL Profile.