fail2ban and rkhunter are in the kit, and that offsets some of the issues: you g... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		PaulRobinson on Jan 30, 2020 \| parent \| context \| favorite \| on: Sovereign: Ansible playbooks to build and maintain... fail2ban and rkhunter are in the kit, and that offsets some of the issues: you get some assurance and protection right there out of the box. You can also comment out the bits you don't want from https://github.com/sovereign/sovereign/blob/master/site.yml before you run the top level playbook.

sneak on Jan 31, 2020 [–]

fail2ban is security theater. Turn off password-based ssh authentication, use keys only, and you’re done. You don’t need additional software for it.

For extra security, bind ssh to localhost only and run a tor hidden service on the machine for accessing it.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact