This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
ubuntu_server_setup [2018/07/09 16:55] mstraub [Enable Automatic Security Updates] |
ubuntu_server_setup [2018/08/13 10:23] mstraub [OpenSSH] |
||
---|---|---|---|
Line 36: | Line 36: | ||
===== OpenSSH ===== | ===== OpenSSH ===== | ||
+ | |||
+ | Disable root login in ''/etc/ssh/sshd_config'': | ||
+ | |||
+ | <code> | ||
+ | PermitRootLogin no | ||
+ | </code> | ||
A good baseline is to only allow logins via public key authentication (disable password authentication), except for a fallback user with a very long and complex password. See these lines in ''/etc/ssh/sshd_config'': | A good baseline is to only allow logins via public key authentication (disable password authentication), except for a fallback user with a very long and complex password. See these lines in ''/etc/ssh/sshd_config'': | ||
Line 91: | Line 97: | ||
Have a look at at e.g. [[http://wiki.ubuntuusers.de/chkrootkit|chkrootkit]] and tiger [[http://www.nongnu.org/tiger/|tiger]] | Have a look at at e.g. [[http://wiki.ubuntuusers.de/chkrootkit|chkrootkit]] and tiger [[http://www.nongnu.org/tiger/|tiger]] | ||
+ | ===== Greeting ===== | ||
+ | |||
+ | If you fancy a nice greeting message: | ||
+ | |||
+ | <file bash /etc/update-motd.d/99-greeting> | ||
+ | #!/bin/bash | ||
+ | |||
+ | # http://patorjk.com/software/taag/#p=display&h=1&f=Calvin%20S&t=my-server-name | ||
+ | echo "┌┬┐┬ ┬ ┌─┐┌─┐┬─┐┬ ┬┌─┐┬─┐ ┌┐┌┌─┐┌┬┐┌─┐" | ||
+ | echo "│││└┬┘───└─┐├┤ ├┬┘└┐┌┘├┤ ├┬┘───│││├─┤│││├┤ " | ||
+ | echo "┴ ┴ ┴ └─┘└─┘┴└─ └┘ └─┘┴└─ ┘└┘┴ ┴┴ ┴└─┘" | ||
+ | |||
+ | # or alternatively | ||
+ | # figlet my-server-name | ||
+ | </file> | ||
===== More Resources ===== | ===== More Resources ===== | ||
[[http://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers]]\\ | [[http://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers]]\\ | ||
[[https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics]] | [[https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics]] |