How-To-Secure-A-Linux-Server
Pi-hole
How-To-Secure-A-Linux-Server | Pi-hole | |
---|---|---|
48 | 2,356 | |
16,633 | 46,632 | |
- | 0.9% | |
4.6 | 8.0 | |
about 2 months ago | 16 days ago | |
Shell | ||
Creative Commons Attribution Share Alike 4.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
How-To-Secure-A-Linux-Server
-
Automating the security hardening of a Linux server
I have been using the How To Secure A Linux Server guide for quite a while and wanted to learn Ansible, so I created two playbooks to automate most of the guide's content. The playbooks are still a work in progress.
-
Connecting to docker containers rarely work, including via Caddy (non docker) reverse proxy
If it works, I will then follow the hardening guide I did before (https://github.com/imthenachoman/How-To-Secure-A-Linux-Server) and test after every step
-
Resources to learn backend security from scratch
Maybe these two repos can help you, I've used them both from time to time to look up stuff I have no idea about as a frontend main: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server https://github.com/decalage2/awesome-security-hardening
-
Ask HN: How can a total beginner start with self-hosting
> In short it’s all about control, privacy, and security, in that order.
I am going to strongly urge you to consider changing that order and move *security* to the first priority. I have long run my own servers; it is much easier to set up a server with a strong security foundation than to clean up afterwards.
As a beginner, you should stick to a well known and documented Linux server distribution such as Ubuntu Server LTS or Fedora. Only install the programs you need. Do not install a windowing system on it. Do everything for the server from the command line.
Here are a few blog posts I have bookmarked over the years that I think are geared to beginners:
"My First 5 Minutes On A Server; Or, Essential Security for Linux Servers": A quick walk-through of how to do basic server security manually [1]. There was a good Hacker News discussion about this article; most of the responses suggest using tools to automate these types of security tasks [2]. However, the short tutorial will teach you a great deal, and automation mostly only makes sense when you are deploying a number of similar servers. I definitely take a more manual hands-on approach to managing my personal servers compared to the ones I professionally deploy.
"How To Secure A Linux Server": An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters. [3]
Both Linode[4] and Digital Ocean[5] have created good sets of Tutorials and documentation that are generally trustworthy and kept up-to-date
Good luck and have fun
[1]: https://sollove.com/2013/03/03/my-first-5-minutes-on-a-serve...
[2]: https://news.ycombinator.com/item?id=5316093
[3]: https://github.com/imthenachoman/How-To-Secure-A-Linux-Serve...
-
Selfhosting Security for Cloud Providers like Hetzner
I suggest these resources: - Some fundamentals: https://www.cyberciti.biz/tips/linux-security.html - One of the best imho (exhaustive list): https://github.com/imthenachoman/How-To-Secure-A-Linux-Server - Ansible playbook to harden security by Jeff Geerling: https://github.com/geerlingguy/ansible-role-security - OWASP checklist (targeted for web apps... and honestly a bit overkill): https://github.com/0xRadi/OWASP-Web-Checklist
-
Ask HN: What Linux setup/hardening guide do you use?
I can't claim to have been through it but this is sitting on my bookmarks folder and looks very useful: https://github.com/imthenachoman/How-To-Secure-A-Linux-Serve...
My only tip I haven't seen mentioned here is be very careful using docker with ufw, as by default docker will effectively override ufw port restrictions if it is told to expose a port.
- How I secure my VPS
-
Want to use Linux as main OS but help on hardening it.
As mentioned, there is some great software here https://www.privacytools.io/ and nearly everything you need to know to get started here https://wiki.archlinux.org/title/Security (useful even if you don't use Arch/Arch-based distros; some of the stuff may be overkill and you need to figure out where to draw the line yourself in terms of tradeoffs). This guide, although it is geared towards servers, also has some useful tips that apply to any Linux system and is a little easier to follow: https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
- Recommendations for advanced material (reading material, courses, etc) on server security?
- Hardening linux for total newbie?
Pi-hole
-
Radicle: Open-Source, Peer-to-Peer, GitHub Alternative
This is an overreaction, almost to the point of absurdity.
Risks inherent to pipe installers are well understood by many. Using your logic, we should abandon Homebrew [1] (>38k stars on GitHub), PiHole [2] (>46k stars on GitHub), Chef [3], RVM [4], and countless other open source projects that use one-step automated installers (by piping to bash).
A more reasonable response would be to coordinate with the developers to update the docs to provide alternative installation methods, rather than throwing the baby out with the bathwater.
[1] https://brew.sh/
[2] https://github.com/pi-hole/pi-hole
[3] https://docs.chef.io/chef_install_script/#run-the-install-sc...
-
Ask HN: For what purposes do you use a Raspberry Pi?
Pi-hole to block ads and tracking for my less technically savvy relatives
-
Runs on your OpenWrt box: AdGuard Home is network-wide blocking ads and tracking
I ran a competing project[0] on my home network for a few years before I discovered NextDNS[1]. What I lost in performance (requests don't leave my house) I gained in portability: ALL my devices can take advantage – at home and away – and time-saved. PiHole works 90% of the time, but when it did stop working, I'd have to spend a bit of time fixing it. At $20/year, I simply couldn't compete with NextDNS.
Note: This isn't a shill for NextDNS; I love these kinds of projects and think they absolutely should exist, but NextDNS just happens to be one of those dead-simple SaaS tools that is an insanely good value.
-
Higher fees, more ads: streaming cashes in by using the old tactics of cable TV
It definitely IS an option, but at the network level.
It runs on damn near everything, and is a DNS level adblocker for the whole network.
-
In 2024, please switch to Firefox
I recently switched to Wipr [0]. It’s dead simple to use, and will auto update its filter lists in the background.
Adguard [1] is a decent free option.
I also use a Pi-hole [2] on my network.
[0] https://kaylees.site/wipr.html
-
Great Forgotten Sci-Fi Movies of the 1980s
Set up a Pi-hole.
-
The Internet will win the war against anti ad-block software. YT is very foolish and basically legitimizes piracy with their "business model"
Get a Pi-Hole: https://pi-hole.net
-
Is there an Android app that blocks the ads on games?
It's definitely not as simple as installing an app on your phone, but I run a Pi-hole on my home network, and it does block ads in many games.
-
Pi hole set up for total beginner
I suggest you start by reading the documentation and install guides on the official website: https://pi-hole.net
What are some alternatives?
Technitium DNS Server - Technitium DNS Server
blocky - Fast and lightweight DNS proxy as ad-blocker for local network with many features
AdGuardHome - Network-wide ads & trackers blocking DNS server
PowerDNS-Admin - A PowerDNS web interface with advanced features
bypass-paywalls-chrome - Bypass Paywalls web browser extension for Chrome and Firefox.
pihole-regex - Custom regex filter list for use with Pi-hole.
unifios-utilities - A collection of enhancements for UnifiOS based devices
docker-nxfilter - :whale: Run NxFilter in Docker!
nextdns - NextDNS CLI client (DoH Proxy)
Webmin - Powerful and flexible web-based server management control panel
SmartTube - SmartTube - an advanced player for set-top boxes and tvs running Android OS
uBlock - uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.