-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 17/04, Paul Grenyer wrote:
> It seems that Digital Ocean droplets don't have any security, which
> obviously isn't great for production. I'd like to secure my server ready
> for production, but I'm not really sure where to start.

I'm hosted with Linode and they have a fairly useful guide that covers a few things:
https://www.linode.com/docs/security/securing-your-server/
I'm sure most of that would apply to Digital Ocean.

Also, here's a good guide to iptables: https://wiki.archlinux.org/index.php/Iptables

In general, if you've got all ports shut down except those you need and ssh is restricted to key-only login (and definitely disallow root login!) then you'll be in a good place. Obviously, you can take security to the nth degree, but the main attack points will be through the software you're intentionally exposing (web applications) and for that... good luck :)

btw, I'm not a security expert ;) Others on the list might be. I take my cue from the IRC channel: "advice given here generally isn't".

Steve
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVN2ltAAoJEL/3HArzwYbRwNUP/iMTrBLk5fZFO5iMNsGmBV26
vnvXnsQE3EdqwrByo8X+kADQrsAmrmo/Wk3fQJvqogemSb8pNbV7szcBED7f0Jt1
nUfC6ZsnJeTdxiRxwcw/GpxDhR8+bXrmq76+t7KKxy3isHeWipFaN/jO+Ib8BBIc
7uhIjP506WcUVzgNkisYaKYeclFa6793haI00lLN4RUfYN+blzYWhlOFiJ8mx9Nb
YcVJDyb/PPXTwMniKikD9CjjDUn5DEMG7B5JzQOEfCfBVSW+JyOyCXDNKwzliBeg
yXbQT7YwvPMw9rXk8rVt8k3a/fkh1VkUQx9FfaBFYfDlL35U5WaSjX+qWh11EnJP
ZRZKAwKNVy6SnDKpxRr6EJvh8BrkM31e6NRwlrzsxiTziluxaGJF3xKmYESuN3VC
G2L3+jVYMI+mVbFhVLHkNDMLc9ux1SXMUtedQE4+bnZcQT8fkCiPZgOL0oZwiv+t
Se70nlvdGY3ub4yPURDz+MpGI3IfcxLoGdaafMwGWMzt8XpXGXCFmBGr3Iblj7vV
qKkLgYmRsHOCfZGUYuA9ySekrb55HF5A9Cubz0bFSaI2mpM00tcg2A4PKfI2D+jk
K2KdZWLXNqPFYJuQWx7wxp1RKj/RrwwkfQJZdBXd8eKV0xMCP39eE09mpITo1C4R
jTebccJqQrorCGaTCsEU
=ZGRb
-----END PGP SIGNATURE-----
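The lockdown Steve describes (key-only SSH, no root login, everything closed except the ports you serve), written out as an added example. This is not code from the thread or from the Linode guide it links; it assumes an sshd that honours `/etc/ssh/sshd_config.d/` (OpenSSH 8.2 or later), an iptables with the conntrack match, the drop-in filename `10-hardening.conf`, the service names `ssh`/`sshd`, and that 22, 80 and 443 are the only TCP ports you intend to expose. Everything is in functions so the file can be sourced and checked before anything is applied.

```shell
#!/bin/sh
# Added example, not from the original mailing-list thread. Assumptions:
# OpenSSH with sshd_config.d/ Include support (8.2+), iptables with the
# conntrack match, and that TCP 22/80/443 are the only services to expose.

# Hardened sshd settings: key-only logins, no root over SSH at all.
sshd_hardening() {
    cat <<'EOF'
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
EOF
}

# Default-deny inbound ruleset in iptables-restore(8) format.
# Arguments are the TCP ports to leave open, e.g. 22 80 443.
iptables_ruleset() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Audit an sshd_config-style file ("Keyword value" lines). sshd honours the
# FIRST occurrence of a directive, so only the first match counts; a missing
# directive is treated as unsafe (PasswordAuthentication defaults to yes).
# Returns 0 only when root login and password authentication are both off.
check_sshd_config() {
    root=$(awk 'tolower($1)=="permitrootlogin"{print tolower($2); exit}' "$1")
    pass=$(awk 'tolower($1)=="passwordauthentication"{print tolower($2); exit}' "$1")
    [ "${root:-unset}" = "no" ] && [ "${pass:-unset}" = "no" ]
}

# Apply everything (run as root). Keep your current SSH session open and
# confirm a key-based login from a second terminal before logging out.
apply_hardening() {
    conf=/etc/ssh/sshd_config.d/10-hardening.conf   # assumed drop-in path
    sshd_hardening > "$conf"
    sshd -t || return 1                              # syntax check first
    check_sshd_config "$conf" || return 1
    systemctl restart ssh 2>/dev/null || systemctl restart sshd
    iptables_ruleset 22 80 443 | iptables-restore
}
```

Rules loaded with `iptables-restore` do not survive a reboot by themselves; persist them with your distribution's mechanism (for example the `iptables-persistent` package on Debian/Ubuntu). The audit function only reads the whitespace-separated directive form and does not follow `Match` blocks, so run `sshd -T` on the host if you want the fully resolved configuration.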