this post was submitted on 30 Jul 2023
63 points (100.0% liked)

homelab

6612 readers
1 users here now

founded 4 years ago
MODERATORS
 

It scratches the surface of the most obvious stuff. I'd only add running apps in isolation (docker or adduser) and maybe fail2ban.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 2 points 1 year ago (1 children)

This is definitely good advice - and an interesting point on removing ''sudo''

I would add a clarification: moving SSH to cert only prevents password guessing, but also - if possible - only allow specific IPs to access it. This could be down to the country level if roaming a lot. Also use >1 IP so that you don't lock yourself out!

[โ€“] [email protected] 1 points 1 year ago

Yes! Geo ip filtering got rid of so much brute forcing for me.