provision
How-To-Secure-A-Linux-Serve
provision | How-To-Secure-A-Linux-Serve | |
---|---|---|
1 | 2 | |
5 | - | |
- | - | |
10.0 | - | |
over 1 year ago | - | |
Shell | ||
The Unlicense | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
provision
-
Ask HN: What Linux setup/hardening guide do you use?
I've been hosting small and mid-sized web sites and applications for years without a hitch using my own script, written from reading it up online. It might not work exactly as is for you but perhaps can offer some reference: https://github.com/corenzan/provision
How-To-Secure-A-Linux-Serve
-
Ask HN: How can a total beginner start with self-hosting
> In short it’s all about control, privacy, and security, in that order.
I am going to strongly urge you to consider changing that order and move *security* to the first priority. I have long run my own servers, it is much easier to setup a server with strong security foundation, than to clean up afterwards.
As a beginner, you should stick to a well known and documented Linux server distribution such as Ubuntu Server LTS or Fedora. Only install the programs you need. Do not install a windowing system on it. Do everything for the server from the command line.
Here are a few blog posts I have bookmarked over the years that I think are geared to beginners:
"My First 5 Minutes On A Server; Or, Essential Security for Linux Servers": An quick walk through of how to do basic server security manually [1]. There was a good Hacker News discussion about this article, most of the response suggests using tools to automate these types of security tasks [2], however the short tutorial will teach you a great deal, and automation mostly only makes sense when you are deploying a number of similar servers. I definitely take a more manual hands-on approach to managing my personal servers compared to the ones I professionally deploy.
"How To Secure A Linux Server": An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters. [3]
Both Linode[4] and Digital Ocean[5] have created good sets of Tutorials and documentation that are generally trustworthy and kept up-to-date
Good luck and have fun
[1]: https://sollove.com/2013/03/03/my-first-5-minutes-on-a-serve...
[2]: https://news.ycombinator.com/item?id=5316093
[3]: https://github.com/imthenachoman/How-To-Secure-A-Linux-Serve...
[4]: https://www.linode.com/docs/guides/
[5]: https://www.digitalocean.com/community/tutorials
-
Ask HN: What Linux setup/hardening guide do you use?
I can't claim to have been through it but this is sitting on my bookmarks folder and looks very useful: https://github.com/imthenachoman/How-To-Secure-A-Linux-Serve...
My only tip I haven't seen mentioned here is be very careful using docker with ufw, as by default docker will effectively override ufw port restrictions if it is told to expose a port.
What are some alternatives?
kernel-hardening-checker - A tool for checking the security hardening options of the Linux kernel
How-To-Secure-A-Linux-Server - An evolving how-to guide for securing a Linux server.
Pi-hole - A black hole for Internet advertisements
remote-docker - This project uses Docker to create an environment where you can run containers on a remote host, in such a way that your local working directory is visible to the container and optionally use X11 to use a GUI.
syncthing-android - Wrapper of syncthing for Android.
awesome-cli-binaries - Popular modern Linux x86_64 CLI app binaries
ReactBranchContainer - Creates and runs a Docker container based off a branch from a React Application.