Comment on Linux Hardening - what are your must-haves?
cron@feddit.de 11 months ago
Not a full list, just some ideas for personal servers.
- Make sure that only the services are exposed that you want to have exposed. For example, a web server with PHP and MariaDB probably does not need to have MariaDB reachable from the network.
- Check the default config of all the programs you install. The default is often not the most secure option.
- Have secure authentication on every service on the server. Change all the default passwords.
- DO NOT disable security features like SELinux.
- Document your setup and the specific changes you made, and make and test backups.
Please be aware that the requirements in a business environment might be different.
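
An added example, not part of the original comment: a small POSIX shell check for the first point, listing TCP listeners that are reachable from the network but are not on an allowlist of ports you meant to expose. The allowlist `22 80 443`, the function names and the sample `ss -Htln` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners reachable from the network that are not
# on an allowlist of ports you intended to expose.
# Input on stdin: output of `ss -Htln` (no header, TCP, listening, numeric).

# Usage: ss -Htln | unexpected_listeners "22 80 443"
# Prints "address port" for each non-loopback listener whose port is not allowed.
unexpected_listeners() {
    allowed=" $1 "
    while read -r _state _recvq _sendq laddr _rest; do
        [ -n "$laddr" ] || continue
        port=${laddr##*:}      # text after the last colon
        addr=${laddr%:*}       # text before the last colon
        addr=${addr%%\%*}      # drop an interface suffix such as %lo
        case "$addr" in
            127.*|'[::1]') continue ;;   # loopback only: not reachable from the network
        esac
        case "$allowed" in
            *" $port "*) continue ;;     # intentionally exposed
        esac
        printf '%s %s\n' "$addr" "$port"
    done
}

# Constructed sample of `ss -Htln` output (not captured from a real host):
# a web server where MariaDB and a second backend port also listen on all
# interfaces.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 511  *:80             *:*
LISTEN 0 80   0.0.0.0:3306     0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128  [::]:22          [::]:*
LISTEN 0 4096 [::1]:631        [::]:*
LISTEN 0 511  [::]:9000        [::]:*
EOF
}

# Demo on the constructed sample; on a real server pipe `ss -Htln` in instead.
sample_ss_output | unexpected_listeners "22 80 443"
```

Every line it prints is a service to either bind to 127.0.0.1 or deliberately add to the allowlist.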