1
Beginners & Help / Debian VPS Security Help
« on: February 21, 2018, 11:33:11 AM »
Hi guys,
for now i just have to let GB do its trading. That brings me to the fact that i have to take care of my vps security (Debian); meaning rearranging and setting up my inital installs.
This is what i have in mind so far, but as being a linux newbie any advice on the plan is helpful:
(in general i want to edit my stuff by connecting via sftp on the fly and also by ssh2 to attach to Gunbot screen process to watch realtime)
1. Change ssh port
2. Add "normal" user (just allowed to edit configs, using start/stop scripts).
3. Deny Root Login
4. Install Fail2Ban or similiar
5. Connect by using PublicKeys instead of password.
Concerning system structure i would think that way:
root/system area /usr folders
------------------------------------------------------------------------------------------
Netcore
Screen
Fail2Ban
Gunbot >>>>>> symlink >>>>>>>>>>>> /usr/config/config.json
CryptogramBot >>>>>> symlink >>>>>>>>>>>> /usr/config/appsettings.json
<<<<<<<<<<<<<<<<<<<<<<<< /usr/script/.... start/stop for Gunbot
<<<<<<<<<<<<<<<<<<<<<<<< /usr/script/.... start/stop for CryptoGramBot
Said "normal" user just needs to access and see the folders and stuff in /usr....
So i would appreciate any comments or better solutions concerning security. As being new to linux that is my actual main idea about as far as i did read yet.
Thanks!!!!!
for now i just have to let GB do its trading. That brings me to the fact that i have to take care of my vps security (Debian); meaning rearranging and setting up my inital installs.
This is what i have in mind so far, but as being a linux newbie any advice on the plan is helpful:
(in general i want to edit my stuff by connecting via sftp on the fly and also by ssh2 to attach to Gunbot screen process to watch realtime)
1. Change ssh port
2. Add "normal" user (just allowed to edit configs, using start/stop scripts).
3. Deny Root Login
4. Install Fail2Ban or similiar
5. Connect by using PublicKeys instead of password.
Concerning system structure i would think that way:
root/system area /usr folders
------------------------------------------------------------------------------------------
Netcore
Screen
Fail2Ban
Gunbot >>>>>> symlink >>>>>>>>>>>> /usr/config/config.json
CryptogramBot >>>>>> symlink >>>>>>>>>>>> /usr/config/appsettings.json
<<<<<<<<<<<<<<<<<<<<<<<< /usr/script/.... start/stop for Gunbot
<<<<<<<<<<<<<<<<<<<<<<<< /usr/script/.... start/stop for CryptoGramBot
Said "normal" user just needs to access and see the folders and stuff in /usr....
So i would appreciate any comments or better solutions concerning security. As being new to linux that is my actual main idea about as far as i did read yet.
Thanks!!!!!