Server Guides
Best Practices to Secure Servers in 2024
Sources:
- Best practice to secure servers in 2024
- Madaidan's Insecurities Linux Hardening Guide
- Cyberciti Linux Security Tips
General Security Practices
No Root Login: Disable root login to enhance security.
SSH Keys with Password: Use SSH keys with a passphrase and disable password login.
VPN Access: Require VPN access to reach the SSH server.
Firmware and Auto Updates: Enable automatic updates for both firmware and software.
Firewall: Configure a firewall to control incoming and outgoing traffic.
Regular Updates: Ensure the server and all software are regularly updated.
Split Disks: Separate /tmp and /var partitions with the noexec flag.
Log Monitoring: Regularly monitor server logs for suspicious activities.
Privilege Escalation Mitigation: Use sysctl variables and kernel parameters to mitigate privilege escalation.
Audit: Regularly audit the server using tools like rkhunter and debsecan.
Open Ports: Only open necessary ports (e.g., 80, 443, 22).
Detailed Security Measures
Data Encryption: Encrypt all data communication.
- Use scp, ssh, rsync, or sftp for file transfer.
- Consider VPNs like OpenVPN or tinc for secure connections.
Service Management:
- Avoid using insecure services like FTP, Telnet, and Rsh.
- Minimize installed software to reduce vulnerability.
Kernel and Software Updates:
- Apply all security patches promptly.
- Consider using tools like apticron for Debian-based systems.
Linux Security Extensions:
- Enable SELinux or other security extensions to enforce limitations on applications.
User Accounts and Password Policies:
- Enforce strong password policies.
- Use tools like pam_cracklib to enforce password strength.
- Set up password aging policies using chage.
Fail2ban:
- Install and configure Fail2ban to block IP addresses after failed login attempts.
Disable Unwanted Services:
- Disable unnecessary services and daemons.
- Use systemctl to manage services on modern Linux distributions.
Network Security:
- Use iptables or firewalld to manage firewall rules.
- Use tools like nmap to scan open ports.
File System Security:
- Separate critical file systems into different partitions with appropriate mount options (noexec, nodev, nosuid).
Regular Backups:
- Implement regular, encrypted backups to an offsite location.
Intrusion Detection Systems (IDS):
- Use tools like AIDE and RKHunter for host-based intrusion detection.
Secure SSH Configuration:
- Configure SSH for maximum security (e.g., disabling root login, using SSH keys, configuring fail2ban).
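The SSH settings this guide names (no root login, key authentication, no password login) can be checked mechanically. The script below is an added example, not part of the original guide; the function names, the sample configs, and the choice to stop at the first Match block and not follow Include files are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit sshd_config text. Both sample configs are constructed.
SAMPLE_WEAK='# constructed sample: looks hardened at a glance
Port 22
passwordauthentication yes
#PermitRootLogin no
PasswordAuthentication no
Match User backup
    PermitRootLogin no'

SAMPLE_HARDENED='# constructed sample
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes'

# effective_value KEYWORD DEFAULT  (config text on stdin)
# sshd keeps the FIRST value it sees for a keyword, and keywords are
# case-insensitive. Lines after the first Match apply only conditionally,
# so global parsing stops there. Include files are not followed (assumption).
effective_value() {
  awk -v key="$1" -v def="$2" '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    { k = tolower($1) }
    k == "match" { exit }                # end of the global section
    k == tolower(key) { print tolower($2); found = 1; exit }
    END { if (!found) print def }        # unset: upstream OpenSSH default
  '
}

# audit_sshd  (config text on stdin); returns the number of failed checks
audit_sshd() {
  conf=$(cat)
  fails=0
  check() {  # check KEYWORD DEFAULT EXPECTED
    got=$(printf '%s\n' "$conf" | effective_value "$1" "$2")
    if [ "$got" = "$3" ]; then
      echo "PASS $1 = $got"
    else
      echo "FAIL $1 = $got (want $3)"
      fails=$((fails + 1))
    fi
  }
  check PermitRootLogin prohibit-password no
  check PasswordAuthentication yes no
  check PubkeyAuthentication yes yes
  return "$fails"
}

printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || echo "weak sample: $? check(s) failed"
```

The weak sample fails two checks: the earlier lowercase passwordauthentication yes wins over the later no, and PermitRootLogin is only commented out or scoped to a Match block. On a live host, sshd -T prints the effective configuration with defaults resolved.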