{Updated} Linux server security checklist. #sysadmin
Posted by jpluimers on 2019/03/11
Most tips are OK, but:
- For password-related policies, please read these:
  - [WayBack] NIST Special Publication 800-63B: Digital Identity Guidelines: Authentication and Lifecycle Management
  - This is what the market says about them:
    - [WayBack] New password guidelines say everything we thought about passwords is wrong | VentureBeat | Security | by Slava Gomzin
    - [WayBack] Vendors approve of NIST password draft | CSO Online
    - [WayBack] NIST’s new password rules – what you need to know – Naked Security: A lot of password rules are there simply “because we’ve always done it that way.” NIST aims to fix that, and here’s how.
- If you do DNS, implement DNSSEC
- I think IPv6 is OK, but, like IPv4, it needs to be firewalled.
- Be really careful with fail2ban and similar tools: they are easy ways to lock yourself out as well, for instance by someone doing a nice (D)DoS on you.
  - If you have banned yourself but still have alternative access to your host: [WayBack] firewall – How to Unban an IP properly with Fail2Ban – Server Fault
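As an added example (not from the original post or any of the linked threads), a small POSIX shell helper that reads the `fail2ban-client status sshd` output, lists the banned addresses, and only issues `set sshd unbanip` when the address is really in that list; the jail name `sshd` follows the note in the links below, and the status text and the address 203.0.113.5 are constructed samples, not real output from any host.

```shell
#!/bin/sh
# Added example: inspect a fail2ban jail and unban one address safely.
# Assumes fail2ban-client is on PATH and the SSH jail is named "sshd"
# (it is "sshd", not "ssh", in stock fail2ban configurations).

JAIL="${JAIL:-sshd}"

# Extract the space-separated addresses from the "Banned IP list:" line of
# `fail2ban-client status <jail>` output, one per line. Reads the status
# text on stdin so it can be exercised against a constructed sample.
banned_ips() {
    sed -n 's/^.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n' | sed '/^$/d'
}

# Return 0 if address $1 appears in the banned list read from stdin.
is_banned() {
    banned_ips | grep -qxF "$1"
}

# Unban $1 from $JAIL only if it is actually banned, so a mistyped address
# is reported instead of silently accepted.
unban_ip() {
    ip="$1"
    status="$(fail2ban-client status "$JAIL")" || { echo "cannot query jail $JAIL" >&2; return 1; }
    if printf '%s\n' "$status" | is_banned "$ip"; then
        fail2ban-client set "$JAIL" unbanip "$ip"
    else
        echo "$ip is not banned in $JAIL" >&2
        return 2
    fi
}

# Constructed sample of what `fail2ban-client status sshd` prints.
SAMPLE_STATUS='Status for the jail: sshd
|- Filter
|  |- Currently failed: 2
|  |- Total failed:     17
|  `- File list:        /var/log/auth.log
`- Actions
   |- Currently banned: 2
   |- Total banned:     5
   `- Banned IP list:   203.0.113.5 198.51.100.7'

# Usage: ./unban.sh <ip>   (with no argument, nothing is changed)
if [ "$#" -gt 0 ]; then
    unban_ip "$1"
fi
```

Adding your own management address to `ignoreip` in `jail.local` avoids the self-ban in the first place, so the unban step is only needed for the case the link above describes.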
Tips: [WayBack] 40 Linux Server Hardening Security Tips [2017 edition] – nixCraft
Via:
- [WayBack] a few good ones: {Updated} Linux server security checklist. #sysadmin – Joe C. Hecht – Google+
- [WayBack] {Updated} Linux server security checklist. #sysadmin – nixCraft – Google+
- [WayBack] Using the fail2ban interactive mode to get the status of a jail and unban an ip. Note: The jail for ssh is actually called “sshd”, not “ssh”, at least … – Thomas Mueller (dummzeuch) – Google+
–jeroen