meta data for this page
Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
digital:server:hardening [2018/12/04 10:51] natrius [Installing Tools] |
digital:server:hardening [2019/04/30 20:14] (current) natrius |
||
---|---|---|---|
Line 2: | Line 2: | ||
What i am doing or what i want to do to harden my server. | What i am doing or what i want to do to harden my server. | ||
+ | |||
+ | ## Prerequisites | ||
+ | |||
+ | * A fresh Ubuntu 18.04 installation | ||
+ | * Root privileges | ||
## First minutes | ## First minutes | ||
The first steps after installing a new server to make sure nobody can capture it and use it in a way it was not intended. Make sure you work as fast and correct as possible until you reach '' | The first steps after installing a new server to make sure nobody can capture it and use it in a way it was not intended. Make sure you work as fast and correct as possible until you reach '' | ||
+ | |||
+ | ### What we will do | ||
+ | |||
+ | * Create a new user with sudo rights | ||
+ | * Test login with the new user | ||
+ | * Configure SSH (deactivate root login, password login, [optional] change Port) | ||
+ | * Install fail2ban (Configure short-term ban and a long-term ban) | ||
+ | * Update (Just in case) | ||
+ | * Install and configure UFW (Just allow used ports like ssh) | ||
+ | * BREAKTIME | ||
### Create a new user with sudo rights | ### Create a new user with sudo rights | ||
Line 114: | Line 129: | ||
### Install and configure UFW | ### Install and configure UFW | ||
- | Install und enable UFW and allow only SSH default [or Enable UFW and disable all inbound traffic from eth0 on all ports except SSH from my local IP (temporary, eventually I allow SSH globally due to potential for IP changes) and disable all outbound traffic except for port 80.] and for hosted websites port 80 and if you intend to use letsencrypt or somethinglike that port 443 too. | + | Install und enable UFW and allow only SSH default [or Enable UFW and disable all inbound traffic from eth0 on all ports except SSH from my local IP (temporary, eventually I allow SSH globally due to potential for IP changes) and disable all outbound traffic except for port 80.] and for hosted websites port 80 and if you intend to use letsencrypt or somethinglike that port 443 too. UFW does not play well with Docker, keep that in mind. |
Important commands for UFW | Important commands for UFW | ||
Line 239: | Line 254: | ||
To integrate later | To integrate later | ||
+ | * https:// | ||
* DOD STIG checklists | * DOD STIG checklists | ||
* https:// | * https:// | ||
Line 246: | Line 262: | ||
* https:// | * https:// | ||
* https:// | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | |||
+ |