posted by martyb on Saturday June 03 2017, @02:32PM
from the cat-and-mouse-and-dogged-determination dept.

A couple years ago I set up a simple brochure-ware site for the School Board in the district here in Brooklyn, hosted on a VPS instance on Linode, to publicize the dates of public meetings, meeting minutes, etc. The VPS doesn't contain any sensitive information so I locked down the ports to 80, 443, and 22, hardened the SSH with measures like fail2ban, kept the system updated every week or so, and called it a day.

Last week, though, the site was compromised. Blowing the instance away and re-creating it from physical backups is not a problem, but in poring through the system to figure out how it was breached I realized both that my own security chops aren't deep enough and that standard best security practices might not be good enough anymore, anyway, given the many vulnerabilities exposed in the last year and realities like the NSA trove that Shadow Brokers leaked.

So the question for the more experienced security professionals in the Soylent community is, can they recommend a good guide and/or site to hone Linux security chops and forensic skills that's current?


  • (Score: 2) by mcgrew on Saturday June 03 2017, @05:10PM (2 children)

    Register4less gives me 10 gigabytes, 5 email addresses, all the tools I've ever heard of and many I haven't for less than fifty bucks a year. You're probably spending more on ISP service that will let you run a service.

    --
    mcgrewbooks.com mcgrew.info nooze.org
  • (Score: 2) by frojack on Saturday June 03 2017, @05:17PM

    He said it was hosted on a VPS instance on Linode.

    To me that sounds like he already has exactly what you are recommending.

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 3, Informative) by el_oscuro on Sunday June 04 2017, @05:15AM

    Hostgator is pretty cool too. I originally liked them because even their $10/month plans offered ssh access. More recently, I ran a wpscan on my site and was rather shocked to find that not only was WordPress fully up to date, but all of the plugins I had were too. Even so, I deleted as many plugins as I could. If you run WordPress, wpscan is an essential tool.

    --
    SoylentNews is Bacon! [nueskes.com]