server_rudimentaer_absichern
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
server_rudimentaer_absichern [2021/08/10 13:35] – admin | server_rudimentaer_absichern [2021/08/11 08:25] – admin | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== VServer mit Debian 10 rudimentär absichern ====== | ====== VServer mit Debian 10 rudimentär absichern ====== | ||
- | | + | ===== 1 MySQLs desaströse Grundinstallation richten ===== |
+ | |||
+ | mysql_secure_installation | ||
+ | |||
+ | ===== User zufügen, damit man sich im Notfall mit PW einloggen kann ===== | ||
+ | |||
+ | useradd -g users -d /home/user user | ||
+ | passwd user | ||
+ | mkdir / | ||
+ | chown user / | ||
+ | Check, if user can "su -" before proceeding to next step!!! | ||
+ | |||
+ | ===== Rootlogin nur mit SSH-Key zulassen ===== | ||
+ | |||
+ | nano / | ||
+ | PermitRootLogin without-password | ||
+ | |||
+ | ===== Universal Fire Wall installieren und ssh, http und https zulassen ===== | ||
+ | |||
+ | apt install ufw | ||
+ | ufw default deny incoming | ||
+ | ufw default allow outgoing | ||
+ | ufw allow ssh | ||
+ | ufw allow http | ||
+ | ufw allow https | ||
+ | ufw enable | ||
+ | |||
+ | ===== Failban aktivieren, weil dann logfiles lesbarer werden ;-) ===== | ||
+ | |||
+ | apt install fail2ban | ||
+ | cp / | ||
+ | nano / | ||
+ | Adjust whatever you like here. | ||
+ | systemctl restart fail2ban.service | ||
| | ||
- | 2 | + | ===== Unattended Upgrades, damit immer alles aktuell ist ===== |
+ | |||
+ | apt-get install unattended-upgrades apt-listchanges | ||
+ | |||
+ |
server_rudimentaer_absichern.txt · Last modified: 2021/08/16 08:52 by admin