Securing Linux

Enable automatic update

Manual

apt update, apt upgrade... don't use apt dist-upgrade 

Automatic

apt install unattended-upgrades
dpkg-reconfigure --priority=low unattended-upgrades

Limited user account

adduser madindo
usermod -aG sudo madindo

Use no password to login

mkdir ~/.ssh && chmod 700 ~/.ssh
logout
ssh-keygen -b 4096

// send public key to ~/.ssh

Lockdown logins

sudo nano /etc/ssh/sshd_config
// change port
Port {any}
// set to ipv4
AddressFamily inet
// no more root login
PermitRootLogin no
// change use no password
PasswordAuthentication no

Firewall

// to check current ports
sudo ss -tupln
// install ufw
sudo apt install ufw

sudo ufw allow {any}
sudo ufw status
sudo ufw enable

//disable ping
sudo nano /etc/ufw/before.rules

-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

sudo ufw reload
sudo reboot