Our great sponsors
-
ssh-audit
SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) (by jtesta)
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Just be aware that docker bypasses the firewall. So for a docker-container which only connects to another docker-container running on the same server, you would need to explicitly publish 127.0.0.1:1234 or have a look at github chaifeng/ufw-docker, which sets some ufw rules specifically for docker.
For further SSH hardening, see github jtesta/ssh-audit.
Lynis is a tool that will analyze your system and give general security and consistency recommendations. Since you're talking about securing SSH, this tool has a whole list of SSH configurations that it will check and inform you which ones you should tighten up. https://cisofy.com/lynis/