Ok so I’m really curious about securing Ubuntu. I’ve deployed rails apps and none of the tutorials talk about installing firewalls and what not. For my current project I will be using Ghost blogging software which runs on node.js. One of the tutorials has a lot of information regarding security. I was wondering how valid these security measures are on DreamCompute.
Steps to Take
SSH Hardening - disable root login and change port - I don’t think we need to do this since it’s already taken care of for us, correct? This is why we use keys with dashboard and have to login not using root. Am I understanding this correctly? When I follow the instructions and make user use 1010 I time out trying to connect and still connect the same way without defining a port to log into.
Install and configure Firewall - ufw
Is this something I should be doing on all of my projects? I’m really new to this and am happy to configure a firewall. I tried it yesterday without much luck but I’ll give it a whirl again today.
Secure shared memory - fstab
Protect su by limiting access only to admin group
Do I really have to do these two steps on this platform? How come in rails tutorials it’s never been expressed before?
Harden network with sysctl settings
How useful are his edits on dreamcompute? Is there things we can do without? Maybe some rules are very necessary but which ones?
Scan logs and ban suspicious hosts - Fail2ban.
Fail2Ban so far is working fine. It wasn’t a debug error. it just calls itself an ‘authentication failure monitor’
i officially can’t get fail2ban to work. I’m going to have to look for it’s log fails and find out why it’s giving me authentication failure monitor
The NGINX file is very detailed as well. Any comments, feedback and guidance would be greatly appreciated. I just want figure out what the best way is to setup a stack for ghost on dreamcompute. i’m tracking my findings so I can share the data later in a blog article or whatever.