File: 1690066134569920.jpg (30.4 KB)
What do I need to keep a web server secure? These are my use cases:
1) I plan to use it to self-host private git repo remote origins.
2) I'm going to use it to run server programs to self-host a private instance of Love Live School Idol Festival All Stars that I and a friend will connect to from our phones.
3) I may or may not have make a public website someday, who knows.
I am a total beginner, so what are some things I need to be aware of with regards to security and keeping myself safe?
For reference, I will be using a Linux server, probably on some cloud provider like Linode.
Showing all 1 replies.
>>
Things I have found so far in my research:
>PermitRootLogin no, PasswordAuthentication no, PubkeyAuthentication yes
>Don't use root ever, instead make a user account and give it sudo access (How is this account getting compromised different from root being compromised? I don't understand...)
>Use fail2ban to block brute force attempts
>Use a firewall to block most ports and only allow ports that I will be using; close ports when not in use
>Have separate accounts for git and gameserver
>possibly shut down server when not in use?
Thoughts?