Re: [tor-relays] securing a VPS [High speed exit]

[Dan Rogers <dan@xxxxxxxxxxxxxxxxxx>]

Hi Craig,

Fail2Ban, key only login, firewall, and timely updates will probably cover 99% of your risks (although I'd also suggest disabling / removing any unused services), however if you want to go further this is an excellent guide to linux security; http://crunchbang.org/forums/viewtopic.php?id=24722 .

Cheers,

Dan

On 2014-02-06 07:04, Craig C-S wrote:

Thanks all for the advice!

 

Things to do:

- I'll be looking to run Moxie Marlinspike's knockknock daemon soon as that seems like a superior solution to port knocking and rate limiting. (big fan of his work on TextSecure and RedPhone!)

- Run OpenSSH as a hiddenservice.  This seems obvious now but had not occurred to me.

- Look into Fail2Ban and DenyHosts and implement them.

 

Done and thank you for the reminders!

- Automated daily updates via emerge

- Server hardening done with hardened-gentoo

- Moved to key auth for ssh

 

Alan:

I'll keep you and the community updated if soyoustart.com (OVH) has any problem with the exit.  Beyond forgetting to ban exits to 25 they have not said anything!

 

Thanks Alan, David and Robert!

 

Craig

 

 

On Wed, Feb 5, 2014 at 5:12 PM, I <beatthebastards@xxxxxxxxx> wrote:

Also, if you know how set the operating system to update automatically to keep it secure.

Robert

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

 

--

Dan Rogers

+44 7539 552349
skype: dan.j.rogers

gpg key

linkedin | songkick | twitter | spotify | music

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays