meta data for this page
Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
digital:server:hardening [2018/12/05 11:11] natrius |
digital:server:hardening [2019/04/30 20:14] natrius |
||
---|---|---|---|
Line 5: | Line 5: | ||
## Prerequisites | ## Prerequisites | ||
- | * Ubuntu 18.04 fresh installed | + | * A fresh Ubuntu 18.04 installation |
* Root privileges | * Root privileges | ||
Line 11: | Line 11: | ||
The first steps after installing a new server to make sure nobody can capture it and use it in a way it was not intended. Make sure you work as fast and correct as possible until you reach '' | The first steps after installing a new server to make sure nobody can capture it and use it in a way it was not intended. Make sure you work as fast and correct as possible until you reach '' | ||
+ | |||
+ | ### What we will do | ||
+ | |||
+ | * Create a new user with sudo rights | ||
+ | * Test login with the new user | ||
+ | * Configure SSH (deactivate root login, password login, [optional] change Port) | ||
+ | * Install fail2ban (Configure short-term ban and a long-term ban) | ||
+ | * Update (Just in case) | ||
+ | * Install and configure UFW (Just allow used ports like ssh) | ||
+ | * BREAKTIME | ||
### Create a new user with sudo rights | ### Create a new user with sudo rights | ||
Line 119: | Line 129: | ||
### Install and configure UFW | ### Install and configure UFW | ||
- | Install und enable UFW and allow only SSH default [or Enable UFW and disable all inbound traffic from eth0 on all ports except SSH from my local IP (temporary, eventually I allow SSH globally due to potential for IP changes) and disable all outbound traffic except for port 80.] and for hosted websites port 80 and if you intend to use letsencrypt or somethinglike that port 443 too. | + | Install und enable UFW and allow only SSH default [or Enable UFW and disable all inbound traffic from eth0 on all ports except SSH from my local IP (temporary, eventually I allow SSH globally due to potential for IP changes) and disable all outbound traffic except for port 80.] and for hosted websites port 80 and if you intend to use letsencrypt or somethinglike that port 443 too. UFW does not play well with Docker, keep that in mind. |
Important commands for UFW | Important commands for UFW | ||
Line 244: | Line 254: | ||
To integrate later | To integrate later | ||
+ | * https:// | ||
* DOD STIG checklists | * DOD STIG checklists | ||
* https:// | * https:// | ||
Line 251: | Line 262: | ||
* https:// | * https:// | ||
* https:// | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | |||
+ |