this post was submitted on 30 Jul 2023

homelab


It scratches the surface of the most obvious stuff. I'd only add running apps in isolation (docker or adduser) and maybe fail2ban.

Cyber@feddit.uk 2 points 1 year ago

This is definitely good advice - and an interesting point on removing "sudo"

I would add a clarification: moving SSH to cert only prevents password guessing, but also - if possible - only allow specific IPs to access it. This could be down to the country level if roaming a lot. Also use >1 IP so that you don't lock yourself out!
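
The two checks suggested in the comment above (no password logins, and SSH reachable only from more than one named source address), as an added example that is not part of the thread. It audits the text of an `sshd_config`; the sample config, user name and addresses are constructed, and the function names are hypothetical.

```python
# Added example: audit sshd_config text for key-only login plus a source-IP allowlist.
# Simplifications (assumptions): only the global section is read (parsing stops at the
# first "Match" block) and "Include" files are not followed.

SAMPLE = """\
# constructed sample, documentation-range addresses
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AllowUsers admin@203.0.113.10 admin@198.51.100.0/24
"""

# Older OpenSSH releases spell the keyboard-interactive switch this way.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse_global(text):
    """Return (settings, allow_users). sshd keeps the first value seen for a
    keyword; AllowUsers lines accumulate."""
    settings, allow = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1] if len(parts) > 1 else ""
        if key == "match":
            break
        if key == "allowusers":
            allow.extend(value.split())
        else:
            settings.setdefault(key, value.strip().lower())
    return settings, allow

def audit(text):
    """Return a list of findings; an empty list means both checks pass."""
    settings, allow = parse_global(text)
    findings = []
    # Both default to "yes" when absent, so a missing line is a finding too.
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if settings.get(key, "yes") != "no":
            findings.append(f"{key} is not 'no': password guessing is still possible")
    unrestricted = [e for e in allow if "@" not in e or e.split("@", 1)[1] == "*"]
    sources = {e.split("@", 1)[1] for e in allow if "@" in e}
    if not allow or unrestricted:
        findings.append("logins are not limited to specific source addresses")
    elif len(sources) < 2:
        findings.append("only one allowed source: losing that address locks you out")
    return findings
```

On a live host, `sshd -T` prints the effective configuration, which is a better input than the raw file when `Include` or `Match` blocks are in use.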