How-To-Secure-A-Linux-Server
Pi-hole
How-To-Secure-A-Linux-Server | Pi-hole | |
---|---|---|
48 | 2,357 | |
16,701 | 46,812 | |
- | 0.7% | |
4.6 | 8.0 | |
19 days ago | 10 days ago | |
Shell | ||
Creative Commons Attribution Share Alike 4.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
How-To-Secure-A-Linux-Server
- An evolving how-to guide for securing a Linux server
- How to Secure a Linux Server
-
Should I set up my own server?
- own server costs about $5/month. I recommend using docker to deploy hbbr and hbbs. Back up the key in case you need to re-deploy. You do need to secure your Linux server, and this community-driven Github guide has some good tips to get started.
- How-To-Secure-A-Linux-Server: An evolving how-to guide for securing a Linux server.
-
Automating the security hardening of a Linux server
I have been using the How To Secure A Linux Server guide for quite a while and wanted to learn Ansible, so I created two playbooks to automate most of the guides content. The playbooks are still a work in progress.
-
Connecting to docker containers rarely work, including via Caddy (non docker) reverse proxy
If it works, I will then follow the hardening guide I did before (https://github.com/imthenachoman/How-To-Secure-A-Linux-Server) and test after every step
-
Resources to learn backend security from scratch
Maybe these two repos can help you, I've used them both from time to time to look up stuff I have no idea about as a frontend main: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server https://github.com/decalage2/awesome-security-hardening
- Time to start security hardening - been lucky for too long
-
Ask HN: How can a total beginner start with self-hosting
> In short it’s all about control, privacy, and security, in that order.
I am going to strongly urge you to consider changing that order and move *security* to the first priority. I have long run my own servers, it is much easier to setup a server with strong security foundation, than to clean up afterwards.
As a beginner, you should stick to a well known and documented Linux server distribution such as Ubuntu Server LTS or Fedora. Only install the programs you need. Do not install a windowing system on it. Do everything for the server from the command line.
Here are a few blog posts I have bookmarked over the years that I think are geared to beginners:
"My First 5 Minutes On A Server; Or, Essential Security for Linux Servers": An quick walk through of how to do basic server security manually [1]. There was a good Hacker News discussion about this article, most of the response suggests using tools to automate these types of security tasks [2], however the short tutorial will teach you a great deal, and automation mostly only makes sense when you are deploying a number of similar servers. I definitely take a more manual hands-on approach to managing my personal servers compared to the ones I professionally deploy.
"How To Secure A Linux Server": An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters. [3]
Both Linode[4] and Digital Ocean[5] have created good sets of Tutorials and documentation that are generally trustworthy and kept up-to-date
Good luck and have fun
[1]: https://sollove.com/2013/03/03/my-first-5-minutes-on-a-serve...
[2]: https://news.ycombinator.com/item?id=5316093
[3]: https://github.com/imthenachoman/How-To-Secure-A-Linux-Serve...
[4]: https://www.linode.com/docs/guides/
[5]: https://www.digitalocean.com/community/tutorials
-
Selfhosting Security for Cloud Providers like Hetzner
I suggest these resources: - Some fundamentals: https://www.cyberciti.biz/tips/linux-security.html - One of the best imho ( exhaustive list ): https://github.com/imthenachoman/How-To-Secure-A-Linux-Server - Ansible playbook to harden security by Jeff Geerling: https://github.com/geerlingguy/ansible-role-security - OAWSP Check list ( targeted for web apps... and honestly a bit overkill ): https://github.com/0xRadi/OWASP-Web-Checklist
Pi-hole
-
Usando NextDNS CLI en tu red.
Si te preguntas, ¿por qué no usar Adguard o Pihole? 🤔
-
Radicle: Open-Source, Peer-to-Peer, GitHub Alternative
This is an overreaction, almost to the point of absurdity.
Risks inherent to pipe installers are well understood by many. Using your logic, we should abandon Homebrew [1] (>38k stars on GitHub), PiHole [2] (>46k stars on GitHub), Chef [3], RVM [4], and countless other open source projects that use one-step automated installers (by piping to bash).
A more reasonable response would be to coordinate with the developers to update the docs to provide alternative installation methods, rather than throwing the baby out with the bathwater.
[1] https://brew.sh/
[2] https://github.com/pi-hole/pi-hole
[3] https://docs.chef.io/chef_install_script/#run-the-install-sc...
[4] https://rvm.io/rvm/install
-
Ask HN: For what purposes do you use a Raspberry Pi?
Pi-hole to block ads and tracking for my less technically savvy relatives
https://pi-hole.net/
-
Runs on your OpenWrt box: AdGuard Home is network-wide blocking ads and tracking
I ran a competing project[0] on my home network for a few years before I discovered NextDNS[1]. What I lost in performance (requests don't leave my house) I gained in portability: ALL my devices can take advantage – at home and away – and time-saved. PiHole works 90% of the time, but when it did stop working, I'd have to spend a bit of time fixing it. At $20/year, I simply couldn't compete with NextDNS.
Note: This isn't a shill for NextDNS; I love these kinds of projects and think they absolutely should exist, but NextDNS just happens to be one of those dead-simple SaaS tools that is an insanely good value.
0 - https://pi-hole.net/
1 - https://nextdns.io
-
Higher fees, more ads: streaming cashes in by using the old tactics of cable TV
It definitely IS an option, but at the network level.
https://pi-hole.net/
It runs on damn near everything, and is a DNS level adblocker for the whole network.
-
In 2024, please switch to Firefox
I recently switched to Wipr [0]. It’s dead simple to use, and will auto update its filter lists in the background.
Adguard [1] is a decent free option.
I also use a Pi-hole [2] on my network.
[0] https://kaylees.site/wipr.html
[1] https://adguard.com/en/adguard-safari/overview.html
[2] https://pi-hole.net/
-
Overwhelmed by a project
Are you trying to build a DNS proxy (similar to Pi-hole) that intercepts DNS requests and checks for the ones that look harmful? If so, I would suggest trying to separately build a DNS client and a DNS server, before trying to integrate them together. Start with Beej's Guide to Network Programming if you need to learn the basics of sockets, and then take a look at the documents that define the DNS protocol itself (RFC1034 and RFC1035).
-
Great Forgotten Sci-Fi Movies of the 1980s
Setup a pi-hole.
- The Internet will win the war against anti ad-block software. YT is very foolish and basically legitimizes piracy with their "business model"
-
Is there an Android app that blocks the ads on games?
It's definitely not as simple as installing an app on your phone, but I run a Pi-hole on my home network, and it does block ads in many games.
What are some alternatives?
authelia - The Single Sign-On Multi-Factor portal for web apps
Technitium DNS Server - Technitium DNS Server
Gitea - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
blocky - Fast and lightweight DNS proxy as ad-blocker for local network with many features
docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
AdGuardHome - Network-wide ads & trackers blocking DNS server
PowerDNS - PowerDNS Authoritative, PowerDNS Recursor, dnsdist
PowerDNS-Admin - A PowerDNS web interface with advanced features
debian-cis - PCI-DSS compliant Debian 10/11/12 hardening
bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
pihole-regex - Custom regex filter list for use with Pi-hole.