* Security
** Switch APT to HTTPS
~sudo sed -i 's/http:/https:/' /etc/apt/sources.list~
Granted, the repository signature provides enough protection on its
own; still, there is no sense in wasting bandwidth and CPU if someone
is meddling with the traffic.
** Tweak root access
On OVH's Debian image:
- The =root= account has no password.
- =PermitRootLogin= defaults to =prohibit-password=: set it to =no=.
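
A way to confirm the change took effect, as an added example that is not part of the original notes: sshd keeps the first value it obtains for a keyword, and a line placed after a =Match= block is not global, so a =PermitRootLogin no= appended to the end of the file can be silently ignored. The function names and sample texts below are constructed for illustration, and =Include= files are not followed.

```shell
#!/bin/sh
# Added example: print the PermitRootLogin value that the global section of
# an sshd_config text (read from stdin) yields. Include files are not followed.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        { key = tolower($1) }                 # keywords are case-insensitive
        key == "match" { exit }               # the global section ends here
        key == "permitrootlogin" && !found {  # first obtained value wins
            value = tolower($2); gsub(/"/, "", value); found = 1
        }
        END { print (found ? value : "prohibit-password") }  # OpenSSH default
    '
}

# Succeeds only when the global value is exactly "no".
root_login_disabled() {
    [ "$(effective_permit_root_login)" = "no" ]
}

# Constructed sample: the setting is present only as a comment.
SAMPLE_STOCK='#PermitRootLogin prohibit-password
PasswordAuthentication yes'

# Constructed sample: an earlier line shadows the "no" appended later.
SAMPLE_SHADOWED='PermitRootLogin prohibit-password
permitrootlogin no'

# Constructed sample: "no" appended after a Match block is not global.
SAMPLE_UNDER_MATCH='Match User deploy
    X11Forwarding no
PermitRootLogin no'

# Constructed sample: hardened global setting.
SAMPLE_HARDENED='PermitRootLogin no
PasswordAuthentication no'

for name in STOCK SHADOWED UNDER_MATCH HARDENED; do
    eval "text=\$SAMPLE_$name"
    printf '%-12s %s\n' "$name" "$(printf '%s\n' "$text" | effective_permit_root_login)"
done
```

On a live host, ~sudo sshd -T~ prints the configuration sshd actually resolves, including any =Include= files.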
** Enable fail2ban
~lastb~ says there are about 4000 login attempts per day; that makes
=/var/log/btmp= much bigger than it needs to be.
Debian's fail2ban comes with a jail for ~sshd~, so it's just a matter
of ~apt install fail2ban~.