by lukaszwojtow on 1/18/22, 6:52 PM with 12 comments
What else?
by franga2000 on 1/18/22, 11:06 PM
Docker containers completely bypass UFW rules (the default firewall on Ubuntu Server). Even if a port isn't open, if Docker forwards it to a container it will be acceptable from the outside. So if you're running Docker, make sure your container port forwards are only bound to localhost (apart from the ones you want to expose intentionally, of course) and/or that you use the appropriate patches/scripts that fix this issue (there are a few different ways floating around the web).
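One way to check the "only bound to localhost" advice in the comment above, as an added example that is not part of the original thread: it parses the output of `docker ps --format '{{.Names}}\t{{.Ports}}'` and reports every published port whose host address is not loopback. The function name and the sample container names and addresses are assumptions made up for illustration.

```python
import ipaddress
import re
import sys

# A published mapping in the Ports column looks like "0.0.0.0:8080->80/tcp",
# ":::8080->80/tcp" or "[::]:8080->80/tcp". An entry without "->" (such as
# "6379/tcp") is only exposed inside Docker, not published on the host.
PUBLISHED = re.compile(r"^(?P<host>.*):(?P<port>[\d-]+)->[\d-]+/(?P<proto>\w+)$")

def non_loopback_bindings(lines):
    """Return (container, host_ip, host_port, proto) for each published port
    whose host address is not a loopback address."""
    findings = []
    for line in lines:
        name, _, ports = line.rstrip("\n").partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            match = PUBLISHED.match(entry)
            if not match:
                continue  # not a host-published mapping
            host = match["host"].strip("[]")
            try:
                loopback = ipaddress.ip_address(host).is_loopback
            except ValueError:
                loopback = False  # unparsable address: report it, do not hide it
            if not loopback:
                findings.append((name, host, match["port"], match["proto"]))
    return findings

# Constructed sample input (hypothetical container names and addresses).
SAMPLE = [
    "web\t0.0.0.0:8080->80/tcp, :::8080->80/tcp",
    "db\t127.0.0.1:5432->5432/tcp",
    "cache\t6379/tcp",
    "admin\t10.0.0.5:9000-9001->9000-9001/tcp",
    "local6\t[::1]:8443->443/tcp",
]

if __name__ == "__main__":
    # Real use: docker ps --format '{{.Names}}\t{{.Ports}}' | python3 this_file.py
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for name, host, port, proto in non_loopback_bindings(source):
        print(f"{name}: {host}:{port}/{proto} is published beyond localhost")
```

Anything it reports is reachable regardless of what `ufw status` shows, so each finding should either be an intentional exposure or be republished with a `127.0.0.1:` prefix.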
by franga2000 on 1/18/22, 11:17 PM
- disabled root account password
- ssh rejects root, allows only key-based auth, listens on non-standard port
- fail2ban is installed and active
- firewall is enabled and all ports are "closed" by default
by codegeek on 1/18/22, 8:25 PM
1. Security updates/unattended upgrades
2. Sudo user (don't use root directly)
3. Log Rotation
4. SSH. Key based only. Ideally with a passphrase. No root login
5. Firewall. Only open ports that are needed (80,443 etc)
Then you can do other things as needed (private network etc).
by strzibny on 1/19/22, 6:30 PM
There is a lot to go through for a comment answer. I think a little bit of Google will reveal some decent Ubuntu articles. I'll say at least this. Scratch root access completely, and set up an admin account with SSH-keys auth. That would be a good start to replace password-access.
If you want to be more confident in system configuration, I wrote a book on the topic[0]. It uses enterprise Linux rather than Ubuntu, so I can teach SELinux too (which is actually a big security improvement).
[0] https://twitter.com/strzibnyj/status/1480494670299815939
[1] https://deploymentfromscratch.com
by hakanderyal on 1/19/22, 2:04 AM
by 0xdeadb00f on 1/19/22, 1:44 AM
by mobilio on 1/18/22, 8:39 PM
by cpach on 1/18/22, 7:30 PM
by crate_barre on 1/19/22, 8:47 AM