It scratches the surface of the most obvious stuff. I’d only add running apps in isolation (docker or adduser) and maybe fail2ban.

  • SayCyberOnceMore
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    This is definitely good advice - and an interesting point on removing ‘‘sudo’’

    I would add a clarification: moving SSH to cert only prevents password guessing, but also - if possible - only allow specific IPs to access it. This could be down to the country level if roaming a lot. Also use >1 IP so that you don’t lock yourself out!