267
Comment:
|
273
|
Deletions are marked like this. | Additions are marked like this. |
Line 3: | Line 3: |
1 fail2ban | 1. fail2ban |
Line 5: | Line 5: |
2 ssh on non standard port | 2. ssh on non standard port |
Line 7: | Line 7: |
3 iptables + ulog, troubleshootinginmyownballs aka fascist firewall | 3. iptables + ulog, troubleshootinginmyownballs aka fascist firewall |
Line 9: | Line 9: |
4 no sudo on the system | 4. no sudo on the system |
Line 11: | Line 11: |
5 removing __ALL__ setuid programs | 5. removing __ALL__ setuid programs |
Line 13: | Line 13: |
6 remote backup of log, rsyslog | 6. remote backup of log, rsyslog |
My view on securing a debian/ubuntu machine:
- fail2ban
- ssh on non standard port
- iptables + ulog, troubleshootinginmyownballs aka fascist firewall
- no sudo on the system
removing ALL setuid programs
- remote backup of log, rsyslog