Hi,
I am a fan of the classic ip(6)tables.
root@12-u:~# iptables -L -n -v
Chain INPUT (policy DROP 252K packets, 13M bytes)
and this is only my vs2-free playground server.
The France-based company, Mistral, has recently released a first serious European chatbot named Le Chat.
It is currently in the rollout process and is available for free.
#Link
https://chat.mistral.ai/chat
#Sources...
Action: Check open ports with running programs
Reason: Sometimes services are running that you don't want to have, and every service can be a security risk
Steps:
- Find the services using netstat
netstat -tulpen
- Stop and disable unwanted services
systemctl stop [SERVICENAME]
systemctl disable...
As an example webserver:
Block all traffic from all IPs
Whitelist port 443 for all IPs
Disable SSH password, enable SSH key, add local password for your SSH key
Change the port of SSH to 50000
Configure portknock to open port 50000 to the knocking IP if the knock signal matches
So this is a good...
@f33dm3bits yes, this is what I mean. As a basic setup.
SSH port changed to another port.
SSH only via key, not via password.
iptables blocking all IPs and all traffic except whitelist
Port knocking to open the SSH port for the knocking IP.
@blunix finally it's like they say in the one hacker movie: NO SYSTEM IS SECURE. We can only try to make it as secure as possible. On Qubes OS it is possible to read your RAM out if the hardware has failures or the kernel of the host.
@blunix the problem is after all. WireGuard uses a key too. So if a hacker wants to f... your server he can try to crack your WireGuard key. So finally it's nearly the same security if you are using SSH with key and without password. The port knocking is only to open the firewall.
Today I have tested the configuration on my salixos at home. It works out of the box. I can configure it on the network manager.
On the server side it requires a little change.
The line
Endpoint = <Official IP Host>:51820
is not required for the client.