I’ve enabled a ufw firewall on my relay nodes and get a status like this:
To                         Action      From
--                         ------      ----
<SSHport>/tcp              LIMIT IN    Anywhere
<NODEport>/tcp             ALLOW IN    Anywhere
<SSHport>/tcp (v6)         LIMIT IN    Anywhere (v6)
<NODEport>/tcp (v6)        ALLOW IN    Anywhere (v6)
I saw a recommendation that I should disable IPv6 - which corresponds to all the (v6) rules, correct?
So a more secure ufw ruleset should read as such:
To                         Action      From
--                         ------      ----
<SSHport>/tcp              LIMIT IN    Anywhere
<NODEport>/tcp             ALLOW IN    Anywhere
I can’t allow just my home IP to log in as my ISP changes this address regularly.
What kind of security hole do I leave enabling a port for Prometheus?
I’m supposed to not run a node with root privileges and should set up an unprivileged account with sudo access. I’m on an AWS server running Ubuntu 18.04. After login all upper level commands require the sudo prefix. Does this mean I am already logged in as a user with restricted privilege?