PrivSec.dev
Replies: 2 comments
-
|
I will write a guide for server stuff at some point. For containers, there is already a guide for general OCI hardening: |
Beta Was this translation helpful? Give feedback.
-
|
Disclaimer: Below I dont take into account desktop variants. I talk about server oriented distros only. Reason for this is that desktop distro (usually) comes with security preconfigured with (sometimes shady) presets that distro's devs/owner/whoever finds the most useful/in-depth/valueable/whatever. Typically there is (close to) no thing left for user to configure from the UI. Or, at least, not in. obvious, clean way. While on server-distro, basically, you are god. There is literally no power that can dictate how you want your server configured. Its all up to your skillset really. Configure server well and use it for, literally, decades without security-related issue; configure it badly and be DDoS'ed in 4-5 months (I have seen cases like this). @jermanuts The main problem with security in server world is that there is no universal config that is good and can be copied server-to-server; every use case is (or can be) extremely different; generally it depends on many factors like:
What Im trying to convey here is that there is no universal way of securing Linux-based server; security config should be done on per (physical) server basis; taking into account beforementioned points (of course this list is FAR from being exhaustive). |
Beta Was this translation helpful? Give feedback.
-
There are multiple guides on the internet but most of them are terrible and requires you to run broken/outdated scripts. So, I think it would be great to have that guide on PrivSec as @TommyTran732 is already a sysadmin with experience dealing with servers & containers and probably other contributors.
Beta Was this translation helpful? Give feedback.
All reactions