• Rimu@piefed.social
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    Ubuntu has a set of scripts you can run to harden a new server (not advisable on a server that has already been configured for something). You need an Ubuntu Pro subscription to access them but you can get a free trial and then cancel it after you’ve finished.

    More info at https://ubuntu.com/security/cis.

    I did this process for a customer recently and it was pretty straightforward and much much more thorough (over 100 configuration changes) than just tweaking SSH and fail2ban.

    I expect other commercially-oriented distros offer something similar.