Server Security Checklist
John O. Brennan edited this page Sep 29, 2016 · 15 revisions
Guidelines for our public-facing, Ubuntu-like servers.
TODO: create a Docker baseimage with all this stuff baked in and switch to a cloud provider that lets us "run Docker containers as the host".
Add our public key to /root/.ssh/authorized_keys.
Disable password-based login by adding this line to /etc/ssh/sshd_config:
PasswordAuthentication no
Restart the SSH server:
/etc/init.d/ssh restart
Install:
apt-get install unattended-upgrades update-notifier-common
Run this, answering "yes" (it will create /etc/apt/apt.conf.d/20auto-upgrades):
dpkg-reconfigure --priority=low unattended-upgrades
Add this line to /etc/apt/apt.conf.d/50unattended-upgrades:
Unattended-Upgrade::Automatic-Reboot "true";
And uncomment this line:
//Unattended-Upgrade::Mail "root";
Tip: to trigger an update, run:
unattended-upgrade -d
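
A check for the steps above, as an added example (not part of the original wiki page or the project's code): a POSIX shell audit of the files this checklist edits. The script name audit.sh, the function names and the directory-prefix argument are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit a tree against this checklist. The ROOT prefix ("" = live
# host) is an assumption of this script so it can run on constructed files.

# sshd keeps the FIRST value it reads for a keyword, so a line appended below an
# existing "PasswordAuthentication yes" has no effect. Print the global value in
# force: the first uncommented one before any Match block.
first_password_auth() {
    awk '{ k = tolower($1) }
         k == "match" { exit }
         k == "passwordauthentication" { print tolower($2); exit }' "$1"
}

# Succeed if file $3 has an uncommented (no leading //) line: KEY "VALUE";
apt_option_set() {
    grep -Eq "^[[:space:]]*$1[[:space:]]+\"$2\";" "$3"
}

audit() {
    root=${1:-}; fail=0
    uu="$root/etc/apt/apt.conf.d/50unattended-upgrades"
    [ "$(first_password_auth "$root/etc/ssh/sshd_config")" = no ] ||
        { echo "FAIL: PasswordAuthentication no is not the value in force"; fail=1; }
    [ -f "$root/etc/apt/apt.conf.d/20auto-upgrades" ] ||
        { echo "FAIL: 20auto-upgrades missing (run dpkg-reconfigure)"; fail=1; }
    apt_option_set 'Unattended-Upgrade::Automatic-Reboot' true "$uu" ||
        { echo "FAIL: Automatic-Reboot \"true\" not set"; fail=1; }
    apt_option_set 'Unattended-Upgrade::Mail' root "$uu" ||
        { echo "FAIL: Mail \"root\" is missing or still commented out"; fail=1; }
    return "$fail"
}

# Constructed sample tree: "no" was appended after an existing "yes" line.
make_sample() {
    mkdir -p "$1/etc/ssh" "$1/etc/apt/apt.conf.d"
    printf 'Port 22\nPasswordAuthentication yes\nPasswordAuthentication no\n' \
        > "$1/etc/ssh/sshd_config"
    : > "$1/etc/apt/apt.conf.d/20auto-upgrades"
    printf '%s\n' 'Unattended-Upgrade::Automatic-Reboot "true";' \
        '//Unattended-Upgrade::Mail "root";' > "$1/etc/apt/apt.conf.d/50unattended-upgrades"
}

# Usage: sh audit.sh --sample (constructed tree) or sh audit.sh --live (this host)
case "${1:-}" in
    --live) audit "" ;;
    --sample) d=$(mktemp -d); make_sample "$d"; audit "$d"; rc=$?; rm -rf "$d"; exit "$rc" ;;
esac
```

On the live host, `sshd -T | grep -i passwordauthentication` prints the value sshd itself resolved, which is worth comparing before restarting the SSH server.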