Server Guides: Difference between revisions
m Admin moved page Server-guides to Server Guides: Misspelled title |
→Community Server Guides: added proxmox |
||
Line 10: | Line 10: | ||
* [[Authentik%20Installation|Authentik Installation]] | * [[Authentik%20Installation|Authentik Installation]] | ||
* [[setting%20up%20cryptpad%20server|Setting Up Cryptpad Server]] | * [[setting%20up%20cryptpad%20server|Setting Up Cryptpad Server]] | ||
* Proxmox | |||
<span id="best-practices-to-secure-servers-in-2024"></span> | <span id="best-practices-to-secure-servers-in-2024"></span> |
Revision as of 04:19, 22 September 2024
Server Guides
Community Server Guides
- Matrix Server Guide
- Create SSH Keys
- Service - Storage - Nextcloud
- Authentik Installation
- Setting Up Cryptpad Server
- Proxmox
Best Practices to Secure Servers in 2024
Source:
- Best practice to secure servers in 2024
- Madaidans Insecurities Linux Hardening Guide
- Cyberciti Linux Security Tips
General Security Practices
- No Root Login: Disable root login to enhance security.
- SSH Keys with Password: Use SSH keys with a passphrase and disable password login.
- VPN Access: Require VPN access to reach the SSH server.
- Firmware and Auto Updates: Enable automatic updates for both firmware and software.
- Firewall: Configure a firewall to control incoming and outgoing traffic.
- Regular Updates: Ensure the server and all software are regularly updated.
- Split Disks: Separate
/tmp
and/var
partitions withnoexec
flag. - Log Monitoring: Regularly monitor server logs for suspicious activities.
- Privilege Escalation Mitigation: Use
sysctl
variables and kernel parameters to mitigate privilege escalation. - Audit: Regularly audit the server using tools like
rkhunter
anddebsecan
. - Open Ports: Only open necessary ports (e.g., 80, 443, 22).
Detailed Security Measures
- Data Encryption: Encrypt all data communication.
1. Usescp
,ssh
,rsync
, orsftp
for file transfer. 2. Consider VPNs like OpenVPN or tinc for secure connections.
- Service Management:
1. Avoid using insecure services like FTP, Telnet, and Rsh. 2. Minimize installed software to reduce vulnerability.
- Kernel and Software Updates:
1. Apply all security patches promptly.
2. Consider using tools like apticron
for Debian-based systems.
- Linux Security Extensions:
1. Enable SELinux or other security extensions to enforce limitations on applications.
- User Accounts and Password Policies:
1. Enforce strong password policies. 2. Use tools likepam_cracklib
to enforce password strength. 3. Set up password aging policies usingchage
.
- Fail2ban:
1. Install and configure Fail2ban to block IP addresses after failed login attempts.
- Disable Unwanted Services:
1. Disable unnecessary services and daemons.
2. Use systemctl
to manage services on modern Linux distributions.
- Network Security:
1. Useiptables
orfirewalld
to manage firewall rules. 2. Use tools likenmap
to scan open ports.
- File System Security:
1. Separate critical file systems into different partitions with appropriate mount options (noexec
,nodev
,nosuid
).
- Regular Backups:
1. Implement regular, encrypted backups to an offsite location.
- Intrusion Detection Systems (IDS):
1. Use tools like AIDE and RKHunter for host-based intrusion detection.
- Secure SSH Configuration:
1. Configure SSH for maximum security (e.g., disabling root login, using SSH keys, configuring fail2ban).