Started off by
- Enabling unattended updates
- Enable only ssh login with key
- Create user with sudo privileges
- Disable root login
- Enable ufw with necessary ports
- Disable ping
- Change ssh default port 21 to something else.
Got the ideas from networkchuck
Did this on the proxmox host as well as all VMs.
Any suggestions?
You are viewing a single thread.
View all comments 1 point
Opnsense firewall at perimeter…and that’s about it. Chances of anything getting in with no exposed ports is pretty slim so I don’t really bother with anything more.
For SSH exposed servers/VPS I do change the port though. Cut down log noise & maybe dodge the odd portscanner or two