Today security is more important than ever in the history of computing. Take it seriously and be prepared - a security breach is to happen any day. Hardening servers is the key to create secure environments where data is secure and systems work 24/7. Remember it's not if, but when.
Build
Adding users to the sudo/doas/wheel group is a straightforward way to grant root-like access, especially in a multi-user environment where multiple users need administrative privileges. Is it wise – no, is it needed – sometimes. See also the Fail2ban section.
Build
ShredOS uses the nwipe is a program that will securely erase the entire contents of disks. It can wipe a single drive or multiple disks simultaneously. It can operate as both a command line tool without a GUI or with a ncurses GUI.
Security
As SUDO is the key to your entire system, you should consider making it secure by require login by 2FA and your password. We are using the Google Authenticator PAM module for this.
Build
A personalized SSH banner is fun. But also most companies have them. It is easy to do the banner. So follow this quick guide and you have one.
Install
All servers should be protected against Brute Force Attacks. Fail2Ban may reduce the rate of incorrect authentication attempts, but it can't eliminate the risk presented by weak authentication.
Build
Security is very important, especially for home labs, we don't have the 24/7 IT-Security Staff to handle things. Several large attacks have recently been utilizing stolen credentials from home users. Yes, home labs are low-hanging fruit for hackers and especially wannabees.
Install
As SSH is our mostly used tool, we need to make it safe.
Install
We do not want to use root for everything, actually we can't allow it. We need admin groups and administration accounts. Furthermore, we need to segregate and use other users and groups with lesser privileges on our cluster and servers.
Install
It's common practice to harden any server beyond the typical 60-70% state they are at end of installation. Fail2ban is one of the tools. As all a home lab is a prime target, we need to take extra steps to secure the servers we have, exposed and not exposed ones alike.
Install
There is easy ways and there is smart ways. Today we take a look at the smart way. Usage of SSH-keygen and the config-file. Instead of typing: ssh [email protected] -p 12345, just type: ssh newwebsite.
News
SSH-keygen changed default algorithm and fixed security issues.
Remote Access
Configure SSH Tunnel (Port Forwarding) on macOS, Linux and Windows using OpenSSH. In this example, I will show how to tunnel an RDP connection traffic over OpenSSH.