Reading about pool intrusions just a few days after their launch demonstrates that people out there are ready to exploit any security breach.
For people like me (not a security expert), I think it is honouring @junada's ADA sacrifice to do one's best to take proper countermeasures, but personally I would need help. (Defence is more collaborative than attack, I believe.)
Typically my nodes are running on a fresh install of Debian 10 on separate VPSs in different countries. I use 1GB RAM servers with a 25GB SSD drive. Binaries are built and transferred to those servers with ssh configured to connect via key. I build libsodium on each node and use CNTools to run the node (after changing the default path).
I want to close as many ports and services as possible. But can you tell me those that are mandatory?
- ntp: for time synchronisation?
- DNS: to update packages a little bit more easily?
- ssh: with password authentication disabled and default port changed?
- https: for communication with a whitelist of IP addresses?
I'm starting the iptables configuration with something from serverfault, but it probably needs extensions.
# Flush existing rules
iptables -F
# Always allow loopback traffic (local tools talk to the node over lo)
iptables -A INPUT -i lo -j ACCEPT
# Allow existing connections to continue (the interface on this host is ens3, not eth0;
# with eth0 here the rule never matches and the default DROP would kill the ssh session)
iptables -A INPUT -i ens3 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept I/O from the 1.2.3.4 IP
iptables -A INPUT -i ens3 -s 1.2.3.4 -j ACCEPT
iptables -A OUTPUT -o ens3 -d 1.2.3.4 -j ACCEPT
# Allow ping (icmp). -P only sets a chain policy and takes no match options,
# so the icmp exception has to be an ACCEPT rule and the default a plain DROP policy
iptables -A INPUT -i ens3 -p icmp -j ACCEPT
# Default DROP for everything else arriving on INPUT
iptables -P INPUT DROP
Could a security expert share a template of his iptables?
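The following is an added example of a default-deny baseline for a node VPS, not a template from the original post, from CNTools or from any pool operator; it generates the ruleset in iptables-restore format rather than applying it, so it can be reviewed (and run anywhere) before being loaded. It takes the interface name ens3 and the whitelist address 1.2.3.4 from the post; the SSH port 2222 and the node port 6000 are hypothetical placeholders to adjust. It covers the items asked about: loopback and established traffic, ssh only from the whitelist with a connection-rate throttle, the node's peer port inbound, outbound DNS and NTP on UDP, outbound TCP for apt and peer connections, rate-limited ping, and logging of what the DROP policies discard.

```shell
#!/bin/sh
# Added example: generate a default-deny iptables ruleset for a Cardano node host.
# All four values below are assumptions; override them in the environment.
WAN_IF="${WAN_IF:-ens3}"          # public interface (taken from the post)
SSH_PORT="${SSH_PORT:-2222}"      # hypothetical non-default ssh port
NODE_PORT="${NODE_PORT:-6000}"    # hypothetical port cardano-node listens on
ADMIN_IPS="${ADMIN_IPS:-1.2.3.4}" # space-separated admin whitelist (post's address)

gen_ruleset() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback: local tools (cntools, cncli, metrics) talk to the node over lo
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# discard packets that belong to no known connection state before anything else
-A INPUT -m conntrack --ctstate INVALID -j DROP
# keep established flows alive in both directions (return traffic for apt, DNS, peers)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ping: allowed for monitoring, rate limited so the host cannot be used as a flood target
-A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
EOF
  # ssh: only from whitelisted addresses, with a per-source throttle of 6 new
  # connections per minute (the --set rule records the source, --update drops over the limit)
  for ip in $ADMIN_IPS; do
    echo "-A INPUT -i $WAN_IF -p tcp -s $ip --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --name ssh --set"
    echo "-A INPUT -i $WAN_IF -p tcp -s $ip --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --name ssh --update --seconds 60 --hitcount 6 -j DROP"
    echo "-A INPUT -i $WAN_IF -p tcp -s $ip --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT"
  done
  cat <<EOF
# node peer port: open on a relay; on a block producer add -s <relay address> instead
-A INPUT -i $WAN_IF -p tcp --dport $NODE_PORT -m conntrack --ctstate NEW -j ACCEPT
# outbound UDP: only DNS (53) and NTP (123); everything else UDP is dropped by policy
-A OUTPUT -o $WAN_IF -p udp -m multiport --dports 53,123 -j ACCEPT
# outbound TCP: apt (80/443), DNS over TCP and peer connections; topology peers listen
# on ports of their own choosing, so new outbound TCP is allowed and should be narrowed
# to a port list once the topology is fixed
-A OUTPUT -o $WAN_IF -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o $WAN_IF -p icmp -j ACCEPT
# log (rate limited) what the DROP policies are about to discard, for later review
-A INPUT -m limit --limit 3/minute -j LOG --log-prefix "fw-drop-in: "
-A OUTPUT -m limit --limit 3/minute -j LOG --log-prefix "fw-drop-out: "
COMMIT
EOF
}

# Print the ruleset; apply it with:
#   gen_ruleset > /etc/iptables/rules.v4 && iptables-restore < /etc/iptables/rules.v4
# (keep the ssh session open and test a second login before logging out).
gen_ruleset
```

Loading through iptables-restore replaces the table atomically, so a half-applied script cannot leave the host with a DROP policy and no ESTABLISHED rule, which is the usual way operators lock themselves out. The INVALID drop and the throttled ssh rule are the two lines most worth keeping even if the rest is changed: the first removes the stray-packet noise from the logs, the second turns a leaked key or password attempt into a slow, visible event rather than a fast one.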