The Reluctant Sysadmin's Guide to Securing a Linux Server (pboyd.io)

submitted 1 year ago by anzo@programming.dev to c/homelab@lemmy.ml

11 comments fedilink hide all child comments

It scratches the surface of the most obvious stuff. I'd only add running apps in isolation (docker or adduser) and maybe fail2ban.

you are viewing a single comment's thread
view the rest of the comments

[-] Cyber@feddit.uk 1 points 1 year ago

This is definitely good advice - and an interesting point on removing ''sudo''

I would add a clarification: moving SSH to cert only prevents password guessing, but also - if possible - only allow specific IPs to access it. This could be down to the country level if roaming a lot. Also use >1 IP so that you don't lock yourself out!

[-] Johnny5@lemm.ee 1 points 1 year ago

Yes! Geo ip filtering got rid of so much brute forcing for me.

this post was submitted on 30 Jul 2023

62 points (100.0% liked)

homelab

6510 readers

38 users here now

founded 4 years ago

MODERATORS

CMonster@lemmy.ml