Reading about pool intrusions just a few days after their launch demonstrates that people out there are ready to exploit any security breach.
For people like me (not a security expert), I think it honours @junada's ADA sacrifice to do one's best to take proper countermeasures, but personally I would need help (defence is more collaborative than attack, I believe).
Typically my nodes are running on a fresh install of Debian 10 on separate VPSes in different countries. I use 1GB RAM servers with a 25GB SSD drive. Binaries are built and transferred to those servers with ssh configured to connect via key. I build libsodium on each node and use CNTools to run the node (after changing the default path).
I want to close as many ports and services as possible. But can you tell me which ones are mandatory?
- ntp: for time synchronisation?
- DNS: to update packages a little bit more easily?
- ssh: with password authentication disabled and default port changed?
- https: for communication with a whitelist of IP addresses?
I’m starting the iptables configuration with something from serverfault but it probably needs extensions.

```shell
# Flush existing rules
iptables -F
# Allow existing connections to continue (same interface, ens3, as the rules below)
iptables -A INPUT -i ens3 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept I/O from the 184.108.40.206 IP
iptables -A INPUT -i ens3 -s 220.127.116.11 -j ACCEPT
iptables -A OUTPUT -o ens3 -d 18.104.22.168 -j ACCEPT
# Allow ping (icmp) explicitly, since the default policy below drops everything else
iptables -A INPUT -i ens3 -p icmp -j ACCEPT
# Default DROP for all other traffic: a chain policy (-P) takes no interface or
# protocol matches, so "-P INPUT -i ens3 ! -p icmp DROP" is a syntax error
iptables -P INPUT DROP
```
Could a security expert share a template of his iptables rules?
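A default-deny template along the lines asked for above, added here as an example and not taken from the original post or from CNTools. The interface name ens3, SSH port 2222, node port 6000 and the admin address 203.0.113.10 are assumptions set through environment variables; DRY_RUN=1 (the default) prints the rules for review instead of applying them, and the script must run as root with DRY_RUN=0 to take effect.

```shell
#!/bin/sh
# Added example (not the poster's or CNTools' code): default-deny inbound firewall
# for a single-NIC node. All values below are assumptions, override via environment.
set -eu

IFACE="${IFACE:-ens3}"             # assumed interface name
SSH_PORT="${SSH_PORT:-2222}"       # assumed non-default SSH port
NODE_PORT="${NODE_PORT:-6000}"     # assumed node P2P port
ADMIN_IPS="${ADMIN_IPS:-203.0.113.10}"  # constructed admin address (TEST-NET-3)
DRY_RUN="${DRY_RUN:-1}"            # 1 = print rules only, 0 = apply with iptables

# Wrapper so the rule set can be reviewed before it is applied on a live server.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

apply_firewall() {
    # Start from a clean filter table
    ipt -F
    # Loopback and already-established traffic (keeps the current SSH session alive)
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -i "$IFACE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Drop malformed / out-of-state packets early
    ipt -A INPUT -i "$IFACE" -m conntrack --ctstate INVALID -j DROP
    # SSH: new connections only from the admin whitelist
    for ip in $ADMIN_IPS; do
        ipt -A INPUT -i "$IFACE" -p tcp -s "$ip" --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Node P2P port open to peers (relay role); add -s <relay IPs> for a block producer
    ipt -A INPUT -i "$IFACE" -p tcp --dport "$NODE_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Ping allowed but rate limited
    ipt -A INPUT -i "$IFACE" -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
    # Log (rate limited) what the policy is about to drop, for later review in syslog
    ipt -A INPUT -i "$IFACE" -m limit --limit 10/min -j LOG --log-prefix "IPT-DROP: "
    # Policies last, so the allow rules are in place before the default becomes DROP.
    # OUTPUT stays ACCEPT: DNS, NTP, apt over https and peer connections are outbound.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
}
```

Run it once with the default DRY_RUN=1 and read the output, then persist the applied rules with iptables-persistent or an equivalent so they survive a reboot.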