Secure a Debian server
Deny ping response
In the file /etc/ufw/before.rules, add the following line after the comment "ok icmp codes for INPUT":
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP
Restricting SSH default behaviour
In the file /etc/ssh/sshd_config or /etc/sshd_config, set:
# Custom SSH port (replace $SSH_PORT with the chosen port number)
Port $SSH_PORT
AddressFamily inet
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
PermitRootLogin no
# Apply changes
systemctl restart sshd
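Added example (not part of the original page): sshd uses the first value it reads for a keyword, so a line added below an existing setting is ignored. The script checks a config file for that case against the values listed above. The function names sshd_effective and audit_sshd are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: offline audit of an sshd_config against the settings above.
# sshd keeps the FIRST value it reads for a keyword, so a "no" line appended
# below an existing "yes" line has no effect.

# Print the effective (first, global-section) value of keyword $2 in file $1.
# Assumes whitespace-separated "Keyword value" lines; Include is not followed.
sshd_effective() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        tolower($1) == "match" { exit }         # Match blocks are conditional
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Compare file $1 with the values from this page. Prints one line per
# deviation; exit status is the number of deviations (0 = compliant).
audit_sshd() {
    bad=0
    for pair in addressfamily=inet challengeresponseauthentication=no \
                passwordauthentication=no usepam=no permitrootlogin=no; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_effective "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "DEVIATION $key: effective='${got:-unset}' expected='$want'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: the packaged "yes" line precedes the hand-added "no".
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample, not a real server config' \
    'PasswordAuthentication yes' \
    'AddressFamily inet' \
    'ChallengeResponseAuthentication no' \
    'PasswordAuthentication no' \
    'UsePAM no' \
    'PermitRootLogin no' > "$sample"
audit_sshd "$sample" || echo "deviations found: $?"
rm -f "$sample"
```

On the live host, sshd -t validates the file before the restart and sshd -T prints the effective configuration, including any Include files.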
Enabling security features
In the file /etc/sysctl.conf, uncomment or add the following lines:
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.arp_notify = 1
# Apply changes
sysctl -p
Prevent IP Spoof
In the file /etc/host.conf, add or change the following lines:
order bind,hosts
multi on