Reading about pool intrusions just a few days after their launch demonstrates that people out there are ready to exploit any security breach.
For people like me (not a security expert) I think it is honouring @junada's ADA sacrifice to do one's best to take proper countermeasures, but personally I would need help (defence is more collaborative than attack, I believe).
Typically my nodes are running on a fresh install of Debian 10 on separate VPSs in different countries. I use 1GB RAM servers with a 25GB SSD drive. Binaries are built and transferred to those servers with ssh configured to connect via key. I build libsodium on each node and use CNTools to run the node (after changing the default path).
I want to close the maximum number of ports and services. But can you tell me which ones are mandatory?
- ntp: for time synchronisation?
- DNS: to update packages a little bit more easily?
- ssh: with password authentication disabled and default port changed?
- https: for communication with a whitelist of IP addresses?
I'm starting the iptables configuration with something from serverfault, but it probably needs extensions.
```bash
# Flush existing rules
iptables -F
# Allow existing connections to continue (interface unified to ens3, the one used below)
iptables -A INPUT -i ens3 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept I/O from the trusted IP address
iptables -A INPUT -i ens3 -s 126.96.36.199 -j ACCEPT
iptables -A OUTPUT -o ens3 -d 188.8.131.52 -j ACCEPT
# Allow ping (icmp), then default DROP for everything else on INPUT
# (-P only sets the chain policy and accepts no match options such as -i or -p)
iptables -A INPUT -i ens3 -p icmp -j ACCEPT
iptables -P INPUT DROP
```
Could a security expert share a template of his iptables ?
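An added example (not the poster's rules, and not taken from CNTools or serverfault) that turns the list above into one default-deny ruleset. It assumes the public interface is ens3 (as in the snippet above) and uses constructed placeholders for the non-default SSH port (2222), the node's peer port (6000) and the single admin address allowed to reach SSH (203.0.113.10); adjust those for your hosts. Of the four services listed, ntp, DNS and https are outbound only: the host initiates them, so their replies come back as ESTABLISHED,RELATED and no inbound port has to be opened for them. Only ssh and the node's own peer port need inbound rules. The ruleset is written in iptables-restore format so it is loaded atomically; a flush followed by individual -A commands leaves a window with no rules, and setting the DROP policy before the ssh rule is in place can cut off the session you are working from.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Default-deny inbound
# iptables ruleset for a single-purpose node, emitted in iptables-restore format.
# Placeholders (constructed, override via environment or arguments):
IFACE="${IFACE:-ens3}"            # public interface, as in the poster's snippet
SSH_PORT="${SSH_PORT:-2222}"      # non-default SSH port (placeholder)
NODE_PORT="${NODE_PORT:-6000}"    # port the node listens on for peers (placeholder)
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"  # the one address allowed to reach SSH (placeholder)

# generate_rules [iface] [ssh_port] [node_port] [admin_ip]
# Prints the ruleset; nothing is applied here.
generate_rules() {
    iface="${1:-$IFACE}"
    ssh_port="${2:-$SSH_PORT}"
    node_port="${3:-$NODE_PORT}"
    admin_ip="${4:-$ADMIN_IP}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is used by local tooling, the resolver and the ntp client
-A INPUT -i lo -j ACCEPT
# packets conntrack cannot classify (malformed, out-of-window) are dropped early
-A INPUT -m conntrack --ctstate INVALID -j DROP
# replies to connections this host opened: DNS, NTP, HTTPS, outbound peer connections
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ping, rate-limited; other ICMP types arrive as RELATED and are covered above
-A INPUT -i $iface -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# SSH on the non-default port, only from the admin address, new connections rate-limited
-A INPUT -i $iface -p tcp -s $admin_ip --dport $ssh_port -m conntrack --ctstate NEW -m limit --limit 4/minute --limit-burst 4 -j ACCEPT
# the node's peer port is the only other service exposed
-A INPUT -i $iface -p tcp --dport $node_port -m conntrack --ctstate NEW -j ACCEPT
# rate-limited log of everything that is about to hit the DROP policy (visible in journalctl -k)
-A INPUT -m limit --limit 3/minute -j LOG --log-prefix "IPT-DROP: "
COMMIT
EOF
}

# apply_rules: syntax-check the ruleset with iptables-restore --test, then load it atomically.
apply_rules() {
    generate_rules | iptables-restore --test || return 1
    generate_rules | iptables-restore
}

# Without --apply the script only prints the ruleset for review.
case "${1:-}" in
    --apply) apply_rules ;;
    *)       generate_rules ;;
esac
```

Review the printed output first, then run it with `--apply` from a session you keep open and confirm a second SSH login still works before closing it; on Debian the `iptables-persistent` package saves the loaded rules to `/etc/iptables/rules.v4` so they survive a reboot. The OUTPUT policy is left at ACCEPT deliberately: a node opens connections to peers on whatever ports they listen on, so a default-deny OUTPUT chain needs the peer list and breaks the node when it changes. If the VPS has an IPv6 address, an IPv4-only filter leaves the IPv6 side open, so load an equivalent ruleset with ip6tables-restore as well.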