Seven things to do once your Linux VM is spun up.

R

Rob

Guest

Attachments

  • slide.jpg
    slide.jpg
    10.5 KB · Views: 21,135


I prefer to disallow ANY root logins with or without public/private keys. I only allow one regular user to login using a cryptic password or key. I log in as a regular user, then su to root. (Two levels of authentication to root!) I cannot disable PasswordAuthentication, nor restrict the IP address as I need to access my server remotely from any computer. I do use private/public keys from my primary workstations.

Then I install fail2ban to take care of the idiots that WILL attempt to break in to my servers.
Will look into CSF/LSD as a replacement to fail2ban.

There is no one way to do it as different people have different requirements.

Thanks for the posting!
 
Add a couple other things:
- Remove all unused services/daemons
- Install latest updates for your system
Also, you can try to use iptables instead fail2ban, to limit new connections attempts.
 

Members online


Top