Keyvan Fatehi edited this page Jul 26, 2013 · 3 revisions

Firewall

Allow only HTTP/HTTPS and SSH inbound

sudo ufw enable
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
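An added check for this step (example code written for this page, not part of the original wiki or of ufw): it audits a saved ufw status listing against the intended port allow-list and flags any ALLOW rule for a port outside it. The listing below is a constructed sample; on a real host pipe in the output of sudo ufw status. The apply function repeats the page's rule set but allows SSH before enabling the firewall, so a remote session is not locked out; it needs root and is not run by the demo.

```shell
# Added example: audit ufw's rule listing against an intended allow-list.
# Constructed sample of `ufw status` output (not captured from a real host).
SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)'

# audit_ufw_allows PORT... : reads `ufw status` text on stdin and prints the
# destination of every ALLOW rule whose port is not in the given list.
# Exit status 1 when at least one unexpected rule exists, 0 otherwise.
audit_ufw_allows() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # rule lines: "22/tcp  ALLOW  Anywhere" or "22/tcp (v6)  ALLOW  Anywhere (v6)"
        $0 ~ /[[:space:]]ALLOW[[:space:]]/ {
            port = $1; sub("/.*", "", port)          # "3306/tcp" -> "3306"
            if (!(port in ok)) { print $1; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# apply_baseline_rules: the page's rule set, with SSH allowed before the
# firewall is enabled so an administrator working over SSH keeps access.
# Requires root; the demo below does not call it.
apply_baseline_rules() {
    ufw default deny incoming
    ufw default allow outgoing
    ufw allow ssh
    ufw allow http
    ufw allow https
    ufw --force enable
}

# Demo on the constructed listing: only 3306/tcp should be reported.
printf '%s\n' "$SAMPLE_UFW_STATUS" | audit_ufw_allows 22 80 443 \
    || echo "unexpected ALLOW rules listed above; remove them with: sudo ufw delete allow <port>"
```

Run it periodically (or from a configuration check) so that rules added during troubleshooting do not silently widen the exposed surface beyond the three services the page intends.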

Secure shared memory

sudo vi /etc/fstab

Add the following line

tmpfs     /dev/shm     tmpfs     defaults,noexec,nosuid     0     0

Question

Should this be tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0 instead?

Source: Ask Ubuntu
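An added check for this step (example code written for this page, not part of the original wiki): it reads a mount table and reports which required options the /dev/shm entry lacks. Because /etc/fstab and /proc/mounts both list device, mount point, type and options as their first four fields, the same function checks the declared state (fstab) and the effective state (the live mount), which matters because editing fstab alone changes nothing until the filesystem is remounted. Both inputs below are constructed samples; the option list passed in is an argument, so the nodev variant from the Question above can be checked the same way.

```shell
# Added example: verify mount options for a mount point in fstab and in /proc/mounts.
# Constructed samples (not copied from a real host).
SAMPLE_FSTAB='# /etc/fstab: static file system information (constructed sample)
UUID=0000-EXAMPLE   /          ext4    errors=remount-ro          0  1
tmpfs               /dev/shm   tmpfs   defaults,noexec,nosuid     0  0'

# Live mount table where /dev/shm has not been remounted since fstab was edited.
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0'

# missing_mount_opts MOUNTPOINT OPT... : reads a mount table on stdin and prints
# each required option the MOUNTPOINT entry lacks (one per line), or "no-entry"
# if the mount point is not listed. Exit status 1 if anything is missing.
missing_mount_opts() {
    mp="$1"; shift
    awk -v mp="$mp" -v want="$*" '
        BEGIN { n = split(want, w, " ") }
        $1 !~ /^#/ && $2 == mp {
            found = 1
            split($4, o, ",")                     # options are comma-separated in field 4
            for (i in o) have[o[i]] = 1
            for (i = 1; i <= n; i++) if (!(w[i] in have)) { print w[i]; bad = 1 }
        }
        END { if (!found) { print "no-entry"; bad = 1 } exit (bad ? 1 : 0) }
    '
}

# Demo: fstab lacks nodev; the live mount lacks noexec until remounted.
printf '%s\n' "$SAMPLE_FSTAB" | missing_mount_opts /dev/shm noexec nosuid nodev \
    || echo "fstab: /dev/shm entry lacks the options listed above"
printf '%s\n' "$SAMPLE_MOUNTS" | missing_mount_opts /dev/shm noexec nosuid nodev \
    || echo "live mount lacks the options listed above; apply with: sudo mount -o remount /dev/shm"
```

On a real host, run it once against /etc/fstab and once against /proc/mounts; a difference between the two means the fstab edit has not been applied yet.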

SSH - Disable root login

sudo vi /etc/ssh/sshd_config

Add

PermitRootLogin no

Protect su by limiting access to the admin group

sudo groupadd administrators
sudo usermod -a -G administrators admin
sudo dpkg-statoverride --update --add root administrators 4750 /bin/
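An added check for this step (example code written for this page, not part of the original wiki or of dpkg): it verifies that a setuid binary carries the restricted mode and group the dpkg-statoverride command above sets, mode 4750 owned by the administrators group, so that users outside that group cannot execute it. The path and group are arguments; the demo creates a constructed temporary file rather than touching a real binary. It assumes GNU coreutils stat (a Linux host).

```shell
# Added example: verify the mode and group of a setuid binary restricted with
# dpkg-statoverride. Assumes GNU stat (-c format); run against the real path
# and group on the host.

# check_restricted_setuid PATH GROUP : exit 0 if PATH has mode 4750 and is
# group-owned by GROUP; otherwise print each deviation and exit 1.
check_restricted_setuid() {
    path="$1"; group="$2"; status=0
    if [ ! -e "$path" ]; then
        echo "$path: missing"
        return 1
    fi
    mode=$(stat -c '%a' "$path")      # octal mode including the setuid bit, e.g. 4750
    grp=$(stat -c '%G' "$path")       # owning group name
    [ "$mode" = "4750" ] || { echo "$path: mode $mode, expected 4750 (setuid, no access for others)"; status=1; }
    [ "$grp" = "$group" ]  || { echo "$path: group $grp, expected $group"; status=1; }
    return $status
}

# Demo on a constructed temporary file owned by the current user and group.
tmp=$(mktemp)
chmod 4750 "$tmp"
check_restricted_setuid "$tmp" "$(id -gn)" && echo "$tmp: restricted as intended"
chmod 4755 "$tmp"                     # the usual distribution default: executable by everyone
check_restricted_setuid "$tmp" "$(id -gn)" || echo "$tmp: every local user could run this setuid binary"
rm -f "$tmp"
```

dpkg-statoverride --list PATH shows the override dpkg has recorded for the file; the check above confirms the permissions actually on disk agree with it, which is what matters after package upgrades.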

Harden network with sysctl settings

sudo vi /etc/sysctl.conf

Add or uncomment

# IP Spoofing protection
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Ignore ICMP broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Disable source packet routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0

# Do not send ICMP redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# Mitigate SYN flood attacks
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 5

# Log martians (packets with impossible source addresses)
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Ignore ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0

# Ignore directed pings
net.ipv4.icmp_echo_ignore_all = 1

Reload sysctl

sudo sysctl -p
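An added check for this section (example code written for this page, not part of the original wiki): it compares sysctl settings against a required key/value list and reports every key that is missing or differs. The input format is "key = value" lines, which is what /etc/sysctl.conf contains and what sysctl -a and sysctl -p print, so the same function checks the file and the running kernel. The REQUIRED_SYSCTL list takes a subset of the settings above and the sample input is constructed to show a partially hardened host.

```shell
# Added example: compare sysctl settings against required values.
# Required values, taken from the settings listed above (a subset, for brevity).
REQUIRED_SYSCTL='net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.all.accept_redirects=0'

# Constructed sample of sysctl output from a partially hardened host.
SAMPLE_SYSCTL='# constructed sample
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.log_martians = 1'

# check_sysctl REQUIRED : reads "key = value" lines on stdin and prints, in the
# order of REQUIRED, one line "key current expected" per key that is unset or
# differs ("unset" stands for a missing key). Exit status 1 if any deviation.
check_sysctl() {
    awk -v required="$1" '
        BEGIN {
            n = split(required, r, "\n")
            for (i = 1; i <= n; i++) {
                if (r[i] == "") continue
                eq = index(r[i], "=")
                key[++m] = substr(r[i], 1, eq - 1)
                want[key[m]] = substr(r[i], eq + 1)
            }
        }
        /^[[:space:]]*[#;]/ || NF == 0 { next }      # comments and blank lines
        {
            line = $0
            sub(/^[[:space:]]+/, "", line); sub(/[[:space:]]+$/, "", line)
            sub(/[[:space:]]*=[[:space:]]*/, "=", line)   # "k = v" -> "k=v", value keeps inner spaces
            eq = index(line, "=")
            if (eq == 0) next
            # a later line overrides an earlier one, as sysctl -p applies them in order
            have[substr(line, 1, eq - 1)] = substr(line, eq + 1)
        }
        END {
            for (i = 1; i <= m; i++) {
                k = key[i]
                if (!(k in have))           { print k, "unset", want[k]; bad = 1 }
                else if (have[k] != want[k]) { print k, have[k], want[k]; bad = 1 }
            }
            exit (bad ? 1 : 0)
        }
    '
}

# Demo on the constructed sample: two wrong values and one missing key.
printf '%s\n' "$SAMPLE_SYSCTL" | check_sysctl "$REQUIRED_SYSCTL" \
    || echo "deviations listed above; fix /etc/sysctl.conf and run: sudo sysctl -p"
```

To check the running kernel rather than the file, feed it sysctl -a (for example sysctl -a 2>/dev/null | check_sysctl "$REQUIRED_SYSCTL"); a value that is correct in the file but wrong live means sysctl -p has not been run since the edit.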

Prevent IP Spoofing

sudo vi /etc/host.conf

Add or edit

order bind,hosts
nospoof on

Scan logs and ban suspicious hosts - DenyHosts