My view on securing a debian/ubuntu machine:
- fail2ban
- ssh on non standard port
- iptables + ulog, troubleshootinginmyownballs aka fascist firewall
- no sudo on the system
removing ALL setuid programs
- remote backup of log, rsyslog
Revision 4 as of 2009-11-17 00:49:00
Clear message