Chapter 11: Security Guard

Chapter 11: Security Hardening

SSH Key Setup

ssh-keygen -t ed25519
ssh-copy-id user@host

sshd_config hardening

PermitRootLogin no
PasswordAuthentication no
Port 2222
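
A check for the three settings above, added here as an example (not part of the original chapter). sshd uses the first value it obtains for each keyword and treats keywords case-insensitively, so a hardened line appended below an earlier permissive one has no effect. The function names and the sample file are constructed; the check assumes the whitespace-separated "Keyword value" form and reads only the global section (it stops at the first Match block and does not follow Include).

```shell
# Added example: report the value sshd would use for a keyword in one file.
# Assumptions: "Keyword value" form, global section only, Include not followed.

effective_value() {  # usage: effective_value <keyword> <config-file>
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        tolower($1) == "match" { exit }        # global section ends at first Match
        tolower($1) == key { print $2; exit }  # first occurrence wins
    ' "$2"
}

check_sshd_hardening() {  # usage: check_sshd_hardening <config-file> <expected-port>
    cfg=$1 want_port=$2 rc=0
    for pair in "PermitRootLogin=no" "PasswordAuthentication=no" "Port=$want_port"; do
        key=${pair%%=*} want=${pair#*=}
        got=$(effective_value "$key" "$cfg")
        if [ "$got" = "$want" ]; then
            echo "ok   $key $got"
        else
            echo "FAIL $key is '${got:-unset}', expected '$want'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a permissive line sits above the hardened one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment for the example
permitrootlogin yes
PasswordAuthentication no
Port 2222
PermitRootLogin no
EOF
check_sshd_hardening "$sample" 2222 || echo "config needs attention"
rm -f "$sample"
```

On a live host, sudo sshd -T prints the effective configuration as the running binary resolves it, including Include files.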

Firewall UFW

sudo ufw default deny incoming
sudo ufw allow 2222/tcp
sudo ufw enable
sudo ufw status verbose

fail2ban

sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo fail2ban-client status sshd

Security Audit

find / -perm -4000 -type f 2>/dev/null
find / -perm 777 -type f 2>/dev/null

  • Principle of least privilege
  • Disable root SSH on all production servers
  • SUID files are privilege escalation risks