Linux Administration: Difference between revisions
No edit summary |
No edit summary |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
The best ways to manage Linux servers. | The best ways to manage Linux servers. | ||
==Security== | |||
===SSH=== | |||
The best practice is to not expose SSH. | |||
Make SSH listen only on local connections and access it through a VPN. | |||
If you must expose SSH, use a strong SSH key and disable password login. | |||
===Firewall=== | |||
If your server is behind a NAT (router), a firewall isn't as important. | |||
For directly connected servers like VPS, you can use [[Uncomplicated Firewall]]. | |||
===Services=== | |||
All your services such as databases should only listen on localhost. | |||
To access them, you can either find a web interface or use SSH which has port forwarding. | |||
For services with default root accounts, disable the root account or add a strong password. | |||
==Cockpit== | ==Cockpit== | ||
| Line 5: | Line 19: | ||
Install it via | Install it via | ||
<pre> | <pre> | ||
sudo apt install cockpit | #sudo apt install cockpit | ||
# Install the newer backports version. | |||
sudo apt install -t bionic-backports $(dpkg-query -W | awk '/cockpit/ {print $1}') | |||
</pre> | </pre> | ||
By default, cockpit runs on port 9090. | |||
Below are some of the modules I recommend. | Below are some of the modules I recommend. | ||