How to Setup a Secure Ubuntu Home Server: A Complete Guide

udc@lemmy.world · 1 day ago

truthfultemporarily@feddit.org · 19 hours ago

This is mostly nonsense.

Why block outgoing? Its just going to cause issues for most people. If you’re going to do that, do it centrally (hw firewall)
Why allow http and NTP incoming, when there is no http / NTP server running.
If there is http server running no mention of https://ssl-config.mozilla.org/ and modsecurity
If you’re using ufw anyway why not go with applications instead of ports?
In a modern distro, the defaults are usually sane (maybe except TCP), most of the stuff in the SSH config is already default.
Why change the SSH port of a home server, which most likely is not reachable from the outside anyway?
Actually potentially impactful stuff like disabling services you don’t need, such as cups, is not mentioned
unattended-upgrades not mentioned
SELinux / AppArmor not mentioned
LKRG not mentioned https://lkrg.org/
Fail2ban not mentioned

Don’t just copy random config from the internet, as annoying as it is, read the docs.

uranibaba@lemmy.world · 11 hours ago

Why change the SSH port of a home server, which most likely is not reachable from the outside anyway?

And if it is, why change it on the server and not in the fw?

truthfultemporarily@feddit.org · 10 hours ago

If you change it, definitely change it on the server so it shows up in netstat and is consistent.

Mordikan@kbin.earth · 13 hours ago

But you need that legal banner in case your spouse acts up and you need to throw their ass in prison.

RubberElectrons@lemmy.world · 11 hours ago

Til about lkrg.