Add notes on VPS administration

author: Kévin Le Gouguec <kevin.legouguec@gmail.com> 2021-07-01 23:54:24 +0200
committer: Kévin Le Gouguec <kevin.legouguec@gmail.com> 2021-07-01 23:54:31 +0200
commit: a7e90c5657286f11533b3e3402fe4da90e7bc46e (patch)
tree: 17bd16e2a20f4b341d82627690fc7f97c371b97f /guides/cloud/vps.org
parent: 72eadf9f9833d896ba20d59a289803621ee87443 (diff)
download: memory-leaks-a7e90c5657286f11533b3e3402fe4da90e7bc46e.tar.xz
1 files changed, 16 insertions, 0 deletions
diff --git a/guides/cloud/vps.org b/guides/cloud/vps.org
new file mode 100644
index 0000000..cfb1b89
--- /dev/null
+++ b/guides/cloud/vps.org
@@ -0,0 +1,16 @@
+* Security
+** Switch APT to HTTPS
+~sudo sed -i 's/http:/https:/' /etc/apt/sources.list~
+
+Granted, the repository signature provides enough protection; still,
+no sense in wasting bandwidth and CPU if someone is meddling.
+** Tweak root access
+On OVH's Debian image:
+- The =root= account has no password.
+- =PermitRootLogin= defaults to =prohibit-password=: set it to =no=.
+** Enable fail2ban
+~lastb~ says there's about 4000 login attempts per day; that makes
+=/var/log/btmp= much bigger than it needs to be.
+
+Debian's fail2ban comes with a jail for ~sshd~, so it's just a matter
+of ~apt install fail2ban~.
author	Kévin Le Gouguec <kevin.legouguec@gmail.com>	2021-07-01 23:54:24 +0200
committer	Kévin Le Gouguec <kevin.legouguec@gmail.com>	2021-07-01 23:54:31 +0200
commit	a7e90c5657286f11533b3e3402fe4da90e7bc46e (patch)
tree	17bd16e2a20f4b341d82627690fc7f97c371b97f /guides/cloud/vps.org
parent	72eadf9f9833d896ba20d59a289803621ee87443 (diff)
download	memory-leaks-a7e90c5657286f11533b3e3402fe4da90e7bc46e.tar.xz