homelab

6460 readers

2 users here now

founded 4 years ago

MODERATORS

[email protected]

The Reluctant Sysadmin's Guide to Securing a Linux Server (pboyd.io)

submitted 1 year ago by anzo to c/[email protected]

11 comments fedilink hide all child comments

It scratches the surface of the most obvious stuff. I'd only add running apps in isolation (docker or adduser) and maybe fail2ban.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 1 year ago (1 children)

This is definitely good advice - and an interesting point on removing ''sudo''

I would add a clarification: moving SSH to cert only prevents password guessing, but also - if possible - only allow specific IPs to access it. This could be down to the country level if roaming a lot. Also use >1 IP so that you don't lock yourself out!

[–] [email protected] 1 points 1 year ago

Yes! Geo ip filtering got rid of so much brute forcing for me.