Differences

This shows you the differences between two versions of the page.

digital:server:hardening [2018/12/05 11:22]
natrius
digital:server:hardening [2019/04/30 20:14] (current)
natrius
Line 5: Line 5:
 ## Prerequisites ## Prerequisites
  
-  * Ubuntu 18.04 fresh installed+  * A fresh Ubuntu 18.04 installation
   * Root privileges   * Root privileges
  
Line 12: Line 12:
 The first steps after installing a new server to make sure nobody can capture it and use it in a way it was not intended. Make sure you work as fast and correct as possible until you reach ''_BREAKTIME_''. That should not consume too much time and then you can think about what you want to install afterwards. The first steps after installing a new server to make sure nobody can capture it and use it in a way it was not intended. Make sure you work as fast and correct as possible until you reach ''_BREAKTIME_''. That should not consume too much time and then you can think about what you want to install afterwards.
  
-### What are we going to do?+### What we will do
  
   * Create a new user with sudo rights   * Create a new user with sudo rights
Line 129: Line 129:
 ### Install and configure UFW ### Install and configure UFW
  
-Install und enable UFW and allow only SSH default [or Enable UFW and disable all inbound traffic from eth0 on all ports except SSH from my local IP (temporary, eventually I allow SSH globally due to potential for IP changes) and disable all outbound traffic except for port 80.] and for hosted websites port 80 and if you intend to use letsencrypt or somethinglike that port 443 too.+Install und enable UFW and allow only SSH default [or Enable UFW and disable all inbound traffic from eth0 on all ports except SSH from my local IP (temporary, eventually I allow SSH globally due to potential for IP changes) and disable all outbound traffic except for port 80.] and for hosted websites port 80 and if you intend to use letsencrypt or somethinglike that port 443 too. UFW does not play well with Docker, keep that in mind.
  
 Important commands for UFW Important commands for UFW
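Review bot: the sentence appended at the end of the changed paragraph, "UFW does not play well with Docker, keep that in mind.", names a problem without saying what fails or what the reader should do about it. On a hardening page that leaves anyone running containers with no way to check whether their firewall rules still hold. Please state the concrete failure and a check or workaround, or link to one. Since the paragraph is being edited anyway, the typos carried over unchanged ("Install und enable", "somethinglike") could be fixed in the same revision, and the bracketed "[or Enable UFW and disable all inbound traffic ...]" alternative should either become its own option or be dropped so the default policy is unambiguous.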
Line 254: Line 254:
 To integrate later To integrate later
  
 +  * https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
   * DOD STIG checklists   * DOD STIG checklists
   * https://www.cisecurity.org/cis-benchmarks/   * https://www.cisecurity.org/cis-benchmarks/
Line 261: Line 262:
   * https://www.cyberciti.biz/tips/linux-security.html   * https://www.cyberciti.biz/tips/linux-security.html
   * https://linux-audit.com/ubuntu-server-hardening-guide-quick-and-secure   * https://linux-audit.com/ubuntu-server-hardening-guide-quick-and-secure
 +  * https://www.reddit.com/r/linuxadmin/comments/arx7xo/howtosecurealinuxserver_an_evolving_howto_guide/?sort=top
 +  * https://github.com/imthenachoman/How-To-Secure-A-Linux-Server#custom-jails
 +  * https://www.cisecurity.org/cis-benchmarks/
 +
 +
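Review bot: the last added link, https://www.cisecurity.org/cis-benchmarks/, duplicates the entry already in this list (visible as unchanged context in the previous hunk), so it can be dropped. The added How-To-Secure-A-Linux-Server#custom-jails link points into the same repository that the previous hunk adds at the top of the list; consider keeping one entry and mentioning the custom-jails section beside it. The Reddit URL carries a ?sort=top query string that is not needed for the reference, and the two empty lines added after the list can go.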