Subscribe
By Fedrianto Ramadhan in tinkering notes

Securing Linux

Enable automatic update

Manual

apt update, apt upgrade... don't use apt dist-upgrade

Automatic

apt install unattended-upgrades
dpkg-reconfigure --priority=low unattended-upgrades

Limited user account

adduser madindo
usermod -aG sudo madindo

Use no password to login

mkdir ~/.ssh && chmod 700 ~/.ssh
logout
ssh-keygen -b 4096

// send public key to ~/.ssh

Lockdown logins

sudo nano /etc/ssh/sshd_config
// change port
Port {any}
// set to ipv4
AddressFamily inet
// no more root login
PermitRootLogin no
// change use no password
PasswordAuthentication no

Firewall

// to check current ports
sudo ss -tupln
// install ufw
sudo apt install ufw

sudo ufw allow {any}
sudo ufw status
sudo ufw enable

//disable ping
sudo nano /etc/ufw/before.rules

-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

sudo ufw reload
sudo reboot

Subscribe to You Live What You Learn

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]
Subscribe