• truthfultemporarily@feddit.org
    1 day ago

    This is mostly nonsense.

    • Why block outgoing? It's just going to cause issues for most people. If you’re going to do that, do it centrally (hw firewall)
    • Why allow http and NTP incoming, when there is no http / NTP server running?
    • If there is an http server running, no mention of https://ssl-config.mozilla.org/ and modsecurity
    • If you’re using ufw anyway why not go with applications instead of ports?
    • In a modern distro, the defaults are usually sane (maybe except TCP), most of the stuff in the SSH config is already default.
    • Why change the SSH port of a home server, which most likely is not reachable from the outside anyway?
    • Actually potentially impactful stuff like disabling services you don’t need, such as cups, is not mentioned
    • unattended-upgrades not mentioned
    • SELinux / AppArmor not mentioned
    • LKRG not mentioned https://lkrg.org/
    • Fail2ban not mentioned

    Don’t just copy random config from the internet, as annoying as it is, read the docs.
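The point above that most of the SSH settings in such guides are already the upstream defaults, as an added example that is not part of the thread: a small Python checker that parses an sshd_config and reports which directives merely restate the defaults documented in sshd_config(5), which ones actually change behaviour, and which it does not know. The defaults table and the sample config are constructed for this example; distribution packages can ship different defaults (Debian sets X11Forwarding yes, for instance), so the authoritative comparison is `sshd -T` on the real host. Directives inside a `Match` block are skipped because they are conditional.

```python
"""Flag sshd_config directives that only restate upstream OpenSSH defaults."""
import re

# Upstream defaults as documented in sshd_config(5) for OpenSSH 8.x/9.x.
# Assumption for this example: your distro has not overridden them; check
# `sshd -T` on the host before trusting the table.
UPSTREAM_DEFAULTS = {
    "port": "22",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
    "maxauthtries": "6",
    "logingracetime": "120",
    "clientaliveinterval": "0",
    "clientalivecountmax": "3",
    "allowtcpforwarding": "yes",
    "allowagentforwarding": "yes",
    "hostbasedauthentication": "no",
    "ignorerhosts": "yes",
    "permittunnel": "no",
    "usedns": "no",
}

_TIME_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def _normalize(value):
    """Lower-case a value and convert sshd time formats (2m, 1h30m) to seconds."""
    v = value.strip().lower()
    if re.fullmatch(r"(\d+[smhdw])+", v):
        total = 0
        for num, unit in re.findall(r"(\d+)([smhdw])", v):
            total += int(num) * _TIME_UNITS[unit]
        return str(total)
    return v


def parse_sshd_config(text):
    """Return [(keyword, value)] for the global section; Match blocks are skipped."""
    entries = []
    in_match = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0], parts[1].strip()
        if key.lower() == "match":
            in_match = True  # everything after a Match line is conditional
            continue
        if in_match:
            continue
        entries.append((key, value))
    return entries


def classify(text):
    """Split directives into redundant (equal to default), changed, and unknown."""
    report = {"redundant": [], "changed": [], "unknown": []}
    for key, value in parse_sshd_config(text):
        default = UPSTREAM_DEFAULTS.get(key.lower())
        if default is None:
            report["unknown"].append(key)
        elif _normalize(value) == _normalize(default):
            report["redundant"].append(key)
        else:
            report["changed"].append(key)
    return report


# Constructed sample: the kind of "hardening" snippet copied from a blog post.
SAMPLE_CONFIG = """
# constructed sample, not a real host's config
Port 2222
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 6
LoginGraceTime 2m
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for bucket, keys in classify(SAMPLE_CONFIG).items():
        print(f"{bucket:>9}: {', '.join(keys) or '-'}")
```

Running it on the sample shows that five of the nine global directives are redundant, only Port, PermitRootLogin and PasswordAuthentication change anything, and Protocol is unknown to the table (it is an obsolete directive in current OpenSSH). Feed it `/etc/ssh/sshd_config` to get the same split for your own file.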

    • uranibaba@lemmy.world
      24 hours ago

      Why change the SSH port of a home server, which most likely is not reachable from the outside anyway?

      And if it is, why change it on the server and not in the fw?

        • uranibaba@lemmy.world
          11 hours ago

          I mean keep using port 22 on the server and redirect whatever port you want in your firewall (your router unless you have a dedicated fw) to port 22. Don’t change the ssh port on the server at all.

    • Mordikan@kbin.earth
      1 day ago

      But you need that legal banner in case your spouse acts up and you need to throw their ass in prison.