Skip to content

Server Security Checklist

jab edited this page Sep 22, 2016 · 15 revisions

Introduction

Guidelines for our public-facing, Ubuntu-like servers.

TODO: create a Docker baseimage with all this stuff baked in and switch to a cloud provider that lets us "run Docker containers as the host".

Login

Add our public key to /root/.ssh/authorized_keys.

Disable password-based login by adding this line to /etc/ssh/sshd_config:

PasswordAuthentication no

Restart the SSH server:

/etc/init.d/ssh restart

Automatic updates

Install:

apt-get install unattended-upgrades update-notifier-common

Run this, answering "yes" (it will create /etc/apt/apt.conf.d/20auto-upgrades):

dpkg-reconfigure --priority=low unattended-upgrades

Add this line to /etc/apt/apt.conf.d/50unattended-upgrades:

Unattended-Upgrade::Automatic-Reboot "true";

And uncomment out this line:

//Unattended-Upgrade::Mail "root";

Tip: to trigger an update run:

unattended-upgrade -d

TODO

Inspiration

Clone this wiki locally