[GTALUG] Linux hardening question
Lennart Sorensen
lsorense at csclub.uwaterloo.ca
Wed Jun 28 10:03:20 EDT 2017
On Tue, Jun 27, 2017 at 07:37:29PM -0400, Truth Hacker via talk wrote:
> I am starting to go down the road to harden a Linux server, I am using
> the Ubuntu server image as my starting point.
>
> I searched a few articles and compiled a list of things to do, so far
> the stuff is a bit dated. So I was wondering if anyone has ideas
> to help me harden my system which I plan to use to host my website
> using a VPS host.
>
> So far I've got steps for the following:
>
> SSH / No root login, public key login
I must be awful. I don't do that.
> Using DenyHost to reduce brute force password hacking
Is that anything like fail2ban?
> Block port scanning
> Disable PING response
Why?
> Closing unused ports
Well any proper firewall would block everything except what is explicitly
allowed in, which should take care of that.
> Q: What service should I consider disabling from starting automatically.
Anything you are not using.
> Q: What program should I remove like (telnet) from my system.
telnet is fine. telnetd on the other hand shouldn't be installed by
default on any distribution made this millennium.
> I am reading up on iptables and also know about ufw, but not sure how
> to set up a good firewall, like what to block and not.
I personally like using shorewall to manage iptables.
> Any other ideas or checklist would be appreciated.
--
Len Sorensen
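
An added example, not part of the original message: a check for the "block everything except what is explicitly allowed in" point above, run over iptables-save output. The function name audit_input_chain and both sample rulesets are constructed for illustration.

```python
import shlex

# Constructed sample rulesets in iptables-save format (not from the thread).
DEFAULT_DENY = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
"""
DEFAULT_ALLOW = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 23 -j DROP
COMMIT
"""

def audit_input_chain(ruleset):
    """Hypothetical helper: report whether INPUT is default-deny and which
    destination ports are explicitly accepted."""
    policy, catch_all, accept_all, in_filter = None, False, False, False
    allowed = set()
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":INPUT "):
            policy = line.split()[1]          # chain policy: ACCEPT or DROP
        elif in_filter and line.startswith("-A INPUT ") and not catch_all:
            tok = shlex.split(line)
            if "-j" not in tok:
                continue
            j = tok.index("-j")
            target, matches = tok[j + 1], tok[2:j]
            if not matches and target in ("DROP", "REJECT"):
                catch_all = True              # rules after this are unreachable
            elif not matches and target == "ACCEPT":
                accept_all = True             # unconditional accept defeats the policy
            elif target == "ACCEPT":
                proto = tok[tok.index("-p") + 1] if "-p" in tok else "any"
                for flag in ("--dport", "--dports"):
                    if flag in tok:
                        ports = tok[tok.index(flag) + 1].split(",")
                        allowed.update((proto, p) for p in ports)
    return {"default_deny": (policy == "DROP" or catch_all) and not accept_all,
            "allowed": sorted(allowed)}

if __name__ == "__main__":
    print(audit_input_chain(DEFAULT_DENY), audit_input_chain(DEFAULT_ALLOW))
```

On a live host the input would be the output of iptables-save; anything in "allowed" that is not a service you run is a port to close.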