• truthfultemporarily@feddit.org · 46 up, 1 down · 23 days ago

    This is mostly nonsense.

    • Why block outgoing? It's just going to cause issues for most people. If you’re going to do that, do it centrally (hw firewall)
    • Why allow http and NTP incoming, when there is no http / NTP server running?
    • If there is an http server running, no mention of https://ssl-config.mozilla.org/ and modsecurity
    • If you’re using ufw anyway why not go with applications instead of ports?
    • In a modern distro, the defaults are usually sane (maybe except TCP), most of the stuff in the SSH config is already default.
    • Why change the SSH port of a home server, which most likely is not reachable from the outside anyway?
    • Actually potentially impactful stuff like disabling services you don’t need, such as cups, is not mentioned
    • unattended-upgrades not mentioned
    • SELinux / AppArmor not mentioned
    • LKRG not mentioned https://lkrg.org/
    • Fail2ban not mentioned

    Don’t just copy random config from the internet, as annoying as it is, read the docs.
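The point above that "most of the stuff in the SSH config is already default" is easy to verify rather than argue about: `sshd -T` (run as root) prints the effective configuration, one lowercase "key value" pair per line, so you can diff it against the upstream OpenSSH defaults and see which of the guide's lines actually changed anything. The script below is an added example written for this thread, not code from the original post or from the OpenSSH project; the default table is an assumption about current OpenSSH (9.x) values, and the sample input is a constructed `sshd -T` excerpt standing in for a real server's output.

```shell
#!/bin/sh
# Report which "hardening" keys in an effective sshd configuration differ
# from the upstream OpenSSH defaults. Added example for this thread; the
# defaults table is an assumption about OpenSSH 9.x, check it against your
# version's sshd_config(5) before trusting a result.

# Upstream defaults for the keys home-server guides usually touch,
# in the "key value" form that `sshd -T` prints.
SSHD_DEFAULTS="port 22
permitrootlogin prohibit-password
passwordauthentication yes
pubkeyauthentication yes
permitemptypasswords no
x11forwarding no
maxauthtries 6
clientaliveinterval 0
usedns no"

# Usage: sshd_nondefaults "$(sudo sshd -T)"
# $1 is text in `sshd -T` format. Prints "key: value (default: value)" for
# every key from the table that is set away from its default; keys that are
# missing from the input or already at the default are silent.
sshd_nondefaults() {
    printf '%s\n' "$SSHD_DEFAULTS" | while read -r key def; do
        # Value of $key in the supplied config (first match wins; `sshd -T`
        # prints each key once). Everything after the first field is the value.
        cur=$(printf '%s\n' "$1" | awk -v k="$key" \
            '$1 == k { sub(/^[^ ]+ /, ""); print; exit }')
        # `sshd -T` prints the old alias "without-password" for
        # prohibit-password on many builds; treat the two as equal.
        if [ "$cur" = "without-password" ]; then
            cur="prohibit-password"
        fi
        if [ -n "$cur" ] && [ "$cur" != "$def" ]; then
            printf '%s: %s (default: %s)\n' "$key" "$cur" "$def"
        fi
    done
    return 0
}

# Constructed sample: an excerpt of what `sshd -T` might print on a server
# that followed a typical "hardening" guide. Not captured from a real host.
SAMPLE_CFG="port 2222
addressfamily any
permitrootlogin no
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
permitemptypasswords no
x11forwarding no
maxauthtries 6
clientaliveinterval 0
usedns no
loglevel INFO"

# Only the three keys the guide actually changed are reported; the other
# "hardening" lines were already the default and did nothing.
sshd_nondefaults "$SAMPLE_CFG"
```

Two caveats when running this against a real host: `sshd -T` needs root, and it only evaluates `Match` blocks for the connection you describe with `-C` (for example `sshd -T -C user=alice,addr=10.0.0.5`), so a setting that lives inside a `Match` block may not show up without it.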

    • Mordikan@kbin.earth · 5 up · 23 days ago

      But you need that legal banner in case your spouse acts up and you need to throw their ass in prison.

    • uranibaba@lemmy.world · 3 up · 23 days ago

      Why change the SSH port of a home server, which most likely is not reachable from the outside anyway?

      And if it is, why change it on the server and not in the fw?

        • uranibaba@lemmy.world · 1 up · 22 days ago

          I mean keep using port 22 on the server and redirect whatever port you want in your firewall (your router unless you have a dedicated fw) to port 22. Don’t change the ssh port on the server at all.

          • truthfultemporarily@feddit.org · 1 up · 22 days ago

            I understand this, but this is inconsistent behavior. You now use 22 inside your network and something else outside. Whenever you create inconsistent behavior, everyone using it has to have an awareness of all these inconsistent behaviors.

            Also, it is hard to troubleshoot because the tool most admins would want to use (netstat) will not give you useful information to understand the situation.