this post was submitted on 30 Jul 2023
56 points (100.0% liked)

homelab

6589 readers
6 users here now

founded 4 years ago
MODERATORS
CMonster@lemmy.ml
56
The Reluctant Sysadmin's Guide to Securing a Linux Server (pboyd.io)
submitted 1 year ago by anzo@programming.dev to c/homelab@lemmy.ml
10 comments fedilink hide all child comments
 

It scratches the surface of the most obvious stuff. I'd only add running apps in isolation (docker or adduser) and maybe fail2ban.

you are viewing a single comment's thread
view the rest of the comments
[–] Cyber@feddit.uk 2 points 1 year ago

This is definitely good advice - and an interesting point on removing ''sudo''

I would add a clarification: moving SSH to cert only prevents password guessing, but also - if possible - only allow specific IPs to access it. This could be down to the country level if roaming a lot. Also use >1 IP so that you don't lock yourself out!