[tor-relays] doc/HARDENING Draft
Libertas
libertas at mykolab.com
Tue Nov 25 15:58:57 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Thanks for the heads-up about unattended-upgrades, I hadn't heard of that.
And I agree about SSHGuard. I've had a better experience with it, and
it generally seems like a more carefully developed and more thoroughly
documented project. Strangely, though, most experienced sysadmins
still use and suggest fail2ban. Maybe I'm just missing something, or
maybe people don't know about SSHGuard.
On 11/24/2014 11:29 PM, Tor Operator wrote:
> On Mon, Nov 24, 2014 at 06:09:34PM -0500, Libertas wrote:
>> Be sure to stay up-to-date using apt-get, and consider using
>> cron-apt to automatically update:
>> https://www.debian.org/doc/manuals/debian-faq/ch-uptodate.en.html
>
>>
> Maybe it also worth covering unattended-upgrades package to keep
> Debian up to date. It requires to run "dpkg-reconfigure
> unattended-upgrades" after install as it doesn't enable automatic
> upgrades right away after install and supposedly don't do
> potentially dangerous operations like kernel upgrades
> automatically. Using it in production myself, really helps to keep
> OS up to date.
>
> Also for protecting SSH SSHGuard is in my opinion a much better
> choice as it supports IPv6 unlike fail2ban (I heard there were
> patches for fail2ban to address that but I'm not sure if they are
> already in mainstream and available in all distributions).
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUdKczAAoJELxHvGCsI27NF5cQAJWbTsG0pvFUx8YU10RtJ7ol
0pywtTI36HMXC4uYb44wOEpI5huC9a9AtXXNBJDwT0pUIIkVkZ6arEg7obTKf7nP
V0I4YhLTP3s3jrVCRcBUGgfZ/0danQjOB3Vw41wEmoO1vaaC91m/ZIerfM2++E+3
mQZ0D5reeM49xkFX4Ym7nh1rBKWawqbkIHOnCY8Au4oAal8JFvhffKObjfslzMCi
k3+gJA4/pYJq58PuNOE2V3iU94qJ5/iSTgx+0P6IusPcDI65TOjKo231zcXUFfZs
0JdzS4hDsMM3VF0TKDkMnXF/Upgk7u5DoMWWBHE0F6goc/tGNHy9J0CIdaeg45jX
6+Q98T7SyVjvwezcdDnETYdhIjPp1Cas/0rIGZleDULyfvMeMvESCdeH6L2SNkjt
7VleLfzcYqwf3Gxhe0bYTabxJYTBq7MxoRHxoetBPDY9A3zGEdO67Vv0ksUbJZlF
OpPcdPzql9JbaDJf3lg3g43NJphb4fVRHYOyGOCbwoo525uqKU2EXw1F2yByyMUz
AaNTGzVFtHaerXHeVRZ7aWi9h18bVMMrhO0fUbGACbtD/1BSlz+7HPvBOIyiT5Hb
eaZDvThPGcgQaaSrwWBgnBFX/xbSt/xvWrZkPBXxD5ypYyhRvgSDEkBK9Nv6tpws
qGsuYtdJDHUl+FXGN5+0
=Iloa
-----END PGP SIGNATURE-----
More information about the tor-relays
mailing list