server_rudimentaer_absichern
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| server_rudimentaer_absichern [2021/08/10 13:58] – admin | server_rudimentaer_absichern [2021/08/16 08:52] (current) – admin | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== VServer mit Debian 10 rudimentär absichern ====== | ====== VServer mit Debian 10 rudimentär absichern ====== | ||
| - | | + | ===== 1 MySQLs desaströse Grundinstallation richten ===== |
| - | 2 useradd -g users -d /home/user user | + | |
| + | |||
| + | ===== User zufügen, damit man sich im Notfall mit PW einloggen kann ===== | ||
| + | |||
| + | | ||
| passwd user | passwd user | ||
| mkdir /home/user | mkdir /home/user | ||
| Line 9: | Line 13: | ||
| Check, if user can "su -" before proceeding to next step!!! | Check, if user can "su -" before proceeding to next step!!! | ||
| - | | + | ===== Rootlogin nur mit SSH-Key zulassen ===== |
| + | |||
| + | nano / | ||
| PermitRootLogin without-password | PermitRootLogin without-password | ||
| - | 4 apt install ufw | + | ===== Universal Fire Wall installieren und ssh, http und https zulassen ===== |
| + | |||
| + | | ||
| ufw default deny incoming | ufw default deny incoming | ||
| ufw default allow outgoing | ufw default allow outgoing | ||
| Line 20: | Line 28: | ||
| ufw enable | ufw enable | ||
| - | 5 apt install fail2ban | + | ===== Failban aktivieren, weil dann logfiles lesbarer werden ;-) ===== |
| + | |||
| + | | ||
| cp / | cp / | ||
| nano / | nano / | ||
| Line 26: | Line 36: | ||
| systemctl restart fail2ban.service | systemctl restart fail2ban.service | ||
| | | ||
| + | ===== Unattended Upgrades, damit immer alles aktuell ist ===== | ||
| + | apt-get install unattended-upgrades apt-listchanges | ||
| + | | ||
| + | Weiter mit [[Letsencrypt Installation]] | ||
server_rudimentaer_absichern.1628603916.txt.gz · Last modified: 2021/08/10 13:58 by admin