Basic Debian Hardening

Quick Update

It's been a while since I've written anything up here - never underestimate the learning curve in a new position!! But it's time to get back to my personal projects - starting with a little housekeeping...

The Plan

About a year ago I started working with the great headless CMS ApostropheCMS. The first project was our church website, and because I wanted no problems with backend database availability or capacity, I signed up with MongoDB Atlas. What I DIDN'T realize was that there is no "low price" tier as such: you go from the free tier straight to a full subscription just to add data backups, and that's $100 a month for a service that was way over the top for our website traffic.

So I've now spun up a new Linode instance, installed MongoDB Community Edition and locked down iptables to only allow access from my application server. Now it's time to spin up a new application server for my Python APIs...

Setting up users

The first step is to create a new Linode instance. I'm creating just Nanodes for now; they are simple and almost instant to scale up as and when needed, though I suspect a Nanode will eat anything I can throw at it in Python, at least for now... On initial setup you set up your root user and password, and that's just not going to work for day-to-day access...

SSH into the instance with your root credentials

Grab the latest updates: apt-get update && apt-get dist-upgrade, then reboot

Add a new user (NOT root) to work with: adduser admin

Add this user to the sudo group: usermod -aG sudo admin (use the same name you gave to adduser in the previous step)

Remove root SSH access

vi /etc/ssh/sshd_config

Edit the file to set PermitRootLogin no

Reboot your server - you should no longer be able to log in with root credentials
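The steps above, collected into one script as an added example (my own, not from the original post). It assumes a Debian host with sudo and OpenSSH installed; the username is passed as an argument and defaults to admin, which is an assumption. The config-editing helpers work on any plain text file, so the edit can be rehearsed on a copy of sshd_config first, and before sshd is restarted the script checks the effective setting with sshd -T, which also accounts for any drop-in files under /etc/ssh/sshd_config.d/ that could silently override the main file.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes Debian, sudo and
# OpenSSH. Usage:  sudo sh harden.sh apply admin   (username is an assumption)
set -eu

SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"

# set_sshd_option FILE KEY VALUE
# Remove every existing line that sets KEY (commented out or not) and append a
# single "KEY VALUE" line. Editing in place keeps the file's owner and mode.
set_sshd_option() {
    file="$1"; key="$2"; value="$3"
    tmp="$(mktemp)"
    grep -v -i -E "^[[:space:]]*#?[[:space:]]*${key}[[:space:]]" "$file" > "$tmp" || true
    printf '%s %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# effective_option FILE KEY
# sshd honours the FIRST uncommented occurrence of a keyword, not the last,
# so mimic that when reading a value back out of a config file.
effective_option() {
    grep -i -E "^[[:space:]]*$2[[:space:]]+" "$1" | head -n 1 | awk '{print $2}'
}

# harden USER: the post's procedure plus a config check before restarting sshd.
harden() {
    user="$1"
    adduser "$user"                 # prompts for the password, as in the post
    usermod -aG sudo "$user"
    set_sshd_option "$SSHD_CONFIG" PermitRootLogin no

    # Refuse to restart on a config sshd cannot parse; a broken sshd_config
    # means the next SSH login fails and the box is reachable only via console.
    sshd -t

    # sshd -T prints the effective configuration, including Include'd drop-ins,
    # so this catches a drop-in that still allows root logins.
    if [ "$(sshd -T | awk '$1=="permitrootlogin"{print $2}')" != "no" ]; then
        echo "PermitRootLogin is still enabled; check /etc/ssh/sshd_config.d/" >&2
        exit 1
    fi
    systemctl restart ssh           # Debian's unit name; no reboot needed
}

# Only touch the system when asked explicitly.
if [ "${1:-}" = "apply" ]; then
    harden "${2:-admin}"
fi
```

Keep the root session open while you run this, open a second terminal and confirm the new user can SSH in and run sudo, and only then close the root session or reboot; if the new account is broken you still have a way back in.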