server_rudimentaer_absichern
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| server_rudimentaer_absichern [2021/08/10 13:42] – admin | server_rudimentaer_absichern [2021/08/16 08:52] (current) – admin | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== VServer mit Debian 10 rudimentär absichern ====== | ====== VServer mit Debian 10 rudimentär absichern ====== | ||
| - | | + | ===== 1 MySQLs desaströse Grundinstallation richten ===== |
| - | 2 useradd -g users -d /home/user user | + | |
| + | |||
| + | ===== User zufügen, damit man sich im Notfall mit PW einloggen kann ===== | ||
| + | |||
| + | | ||
| passwd user | passwd user | ||
| mkdir /home/user | mkdir /home/user | ||
| Line 9: | Line 13: | ||
| Check, if user can "su -" before proceeding to next step!!! | Check, if user can "su -" before proceeding to next step!!! | ||
| - | | + | ===== Rootlogin nur mit SSH-Key zulassen ===== |
| + | |||
| + | nano / | ||
| PermitRootLogin without-password | PermitRootLogin without-password | ||
| + | ===== Universal Fire Wall installieren und ssh, http und https zulassen ===== | ||
| + | |||
| + | apt install ufw | ||
| + | ufw default deny incoming | ||
| + | ufw default allow outgoing | ||
| + | ufw allow ssh | ||
| + | ufw allow http | ||
| + | ufw allow https | ||
| + | ufw enable | ||
| + | |||
| + | ===== Failban aktivieren, weil dann logfiles lesbarer werden ;-) ===== | ||
| + | |||
| + | apt install fail2ban | ||
| + | cp / | ||
| + | nano / | ||
| + | Adjust whatever you like here. | ||
| + | systemctl restart fail2ban.service | ||
| + | | ||
| + | ===== Unattended Upgrades, damit immer alles aktuell ist ===== | ||
| + | |||
| + | apt-get install unattended-upgrades apt-listchanges | ||
| + | | ||
| + | |||
| + | Weiter mit [[Letsencrypt Installation]] | ||
server_rudimentaer_absichern.1628602943.txt.gz · Last modified: 2021/08/10 13:42 by admin