Linux Administration: Difference between revisions
No edit summary |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
The best ways to manage Linux servers. | The best ways to manage Linux servers. | ||
==Security== | |||
===SSH=== | |||
The best practice is to not expose SSH. | |||
Make SSH listen only on local connections and access it through a VPN. | |||
If you must expose SSH, use a strong SSH key and disable password login. | |||
===Firewall=== | |||
If your server is behind a NAT (router), a firewall isn't as important. | |||
For directly connected servers like VPS, you can use [[Uncomplicated Firewall]]. | |||
===Services=== | |||
All your services such as databases should only listen on localhost. | |||
To access them, you can either find a web interface or use SSH which has port forwarding. | |||
For services with default root accounts, disable the root account or add a strong password. | |||
==Cockpit== | ==Cockpit== | ||
| Line 5: | Line 19: | ||
Install it via | Install it via | ||
<pre> | <pre> | ||
sudo apt install cockpit | #sudo apt install cockpit | ||
# Install the newer backports version. | |||
sudo apt install -t bionic-backports $(dpkg-query -W | awk '/cockpit/ {print $1}') | |||
</pre> | </pre> | ||
Latest revision as of 21:41, 4 September 2020
The best ways to manage Linux servers.
Security
SSH
The best practice is to not expose SSH.
Make SSH listen only on local connections and access it through a VPN.
If you must expose SSH, use a strong SSH key and disable password login.
Firewall
If your server is behind a NAT (router), a firewall isn't as important.
For directly connected servers like VPS, you can use Uncomplicated Firewall.
Services
All your services such as databases should only listen on localhost.
To access them, you can either find a web interface or use SSH which has port forwarding.
For services with default root accounts, disable the root account or add a strong password.
Cockpit
Cockpit is a web application to manage your server.
Install it via
#sudo apt install cockpit
# Install the newer backports version.
sudo apt install -t bionic-backports $(dpkg-query -W | awk '/cockpit/ {print $1}')
By default, cockpit runs on port 9090.
Below are some of the modules I recommend. You can install these using apt as well.
cockpit-dockerallows you to manage docker containerscockpit-machinesallows you to manage VMs via libvirtcockpit-networkmanagercockpit-packagekitto manage packages
sudo apt install -y cockpit cockpit-docker cockpit-machines cockpit-networkmanager cockpit-packagekit