Skip to content

Latest commit

 

History

History
14 lines (11 loc) · 482 Bytes

File metadata and controls

14 lines (11 loc) · 482 Bytes

Server Security

This is a simple chef recipe to automate the standard lock down steps on a fresh Ubuntu install, these are:

  • Install Fail2Ban
  • Install Unattended Upgrades
  • Set the system to download updates daily
  • set the GB Locale (not security exactly but relevant for SSL stuff)
  • Disable SSH Password auth
  • Install and configure apf-firewall

Root Login

Root login is left as enabled. It's unclear what the benefit of disabling it is when password auth is disabled.