Hi Craig,
Fail2Ban, key-only login, firewall, and timely updates will probably cover 99% of your risks (although I'd also suggest disabling / removing any unused services). However, if you want to go further, this is an excellent guide to Linux security: http://crunchbang.org/forums/viewtopic.php?id=24722
Cheers,
Dan
On 2014-02-06 07:04, Craig C-S wrote:
Thanks all for the advice!
Things to do:
- I'll be looking to run Moxie Marlinspike's knockknock daemon soon as that seems like a superior solution to port knocking and rate limiting. (big fan of his work on TextSecure and RedPhone!)
- Run OpenSSH as a hidden service. This seems obvious now but had not occurred to me.
- Look into Fail2Ban and DenyHosts and implement them.
Done and thank you for the reminders!
- Automated daily updates via emerge
- Server hardening done with hardened-gentoo
- Moved to key auth for ssh
Alan: I'll keep you and the community updated if soyoustart.com (OVH) has any problem with the exit. Beyond forgetting to ban exits to 25 they have not said anything!
Thanks Alan, David and Robert!
Craig
On Wed, Feb 5, 2014 at 5:12 PM, I beatthebastards@inbox.com wrote:
Also, if you know how, set the operating system to update automatically to keep it secure.
Robert
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays [1]