This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
ubuntu_server_setup [2018/07/19 13:01] mstraub [Root Kit & Intrusion Detection] |
ubuntu_server_setup [2018/08/13 10:24] mstraub [Enable Automatic Security Updates] |
||
---|---|---|---|
Line 36: | Line 36: | ||
===== OpenSSH ===== | ===== OpenSSH ===== | ||
+ | |||
+ | Disable root login in ''/etc/ssh/sshd_config'': | ||
+ | |||
+ | <code> | ||
+ | PermitRootLogin no | ||
+ | </code> | ||
A good baseline is to only allow logins via public key authentication (disable password authentication), except for a fallback user with a very long and complex password. See these lines in ''/etc/ssh/sshd_config'': | A good baseline is to only allow logins via public key authentication (disable password authentication), except for a fallback user with a very long and complex password. See these lines in ''/etc/ssh/sshd_config'': | ||
Line 61: | Line 67: | ||
sudo dpkg-reconfigure -plow unattended-upgrades | sudo dpkg-reconfigure -plow unattended-upgrades | ||
</code> | </code> | ||
+ | This creates the file ''/etc/apt/apt.conf.d/20auto-upgrades''. | ||
Then set ''Unattended-Upgrade::Remove-Unused-Dependencies'' to ''true'' in ''/etc/apt/apt.conf.d/50unattended-upgrades''. | Then set ''Unattended-Upgrade::Remove-Unused-Dependencies'' to ''true'' in ''/etc/apt/apt.conf.d/50unattended-upgrades''. |