
Davva's avatar
Level 10

Forge security / config

After initiating a new Digital Ocean droplet via Forge, are there any additional steps needed to take in order to properly secure the server?

Being used to having someone else worry about these things, I am at the point where I don't even know what I don't know... So the question is: Is the Forge configuration enough, security-wise? And if the answer is "no", can someone please give some direction/tips on the "must-do" things?

0 likes
3 replies
bashy's avatar

It's more of securing Linux; Forge is just connecting to it to manage it.

Davva's avatar
Level 10

Ok, but Forge is doing at least some minor tweaks like removing root login etc. So the question is: what exactly is Forge doing, and what extra measures must be done? I am talking about the stuff that you should always do right after booting up a new server.

A server can never get secure enough, and unfortunately I'm not a sysop. I just want my server to be reasonably secure. So if someone could share the initial steps you typically take on a new server, it would be much appreciated!

bashy's avatar

Depends how far you want to go but removing root login is good. Disabling password login is extra security since you need the private key.

Firewall stuff for closing unused ports. Things like SYN flood protection can be helped in Linux /proc/sys/net/ipv4/tcp_syncookies and IPTables.

Not allowing remote login for MySQL (unless you safeguard that with a firewall rule to only allow an IP/IP range).

There are many more. Have a Google for web server security/strengthening.
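A read-only way to check three of the settings named in the reply above (root and password SSH login, `tcp_syncookies`, MySQL remote access), as an added example that is not part of the thread and not Forge's own tooling. The function names and the default file paths are assumptions for a stock Ubuntu droplet; firewall rules are not covered.

```shell
#!/bin/sh
# Read-only checks for the settings named in the reply above (added example).
# Paths are arguments; the defaults at the bottom assume a stock Ubuntu droplet.

# Effective value of an sshd_config keyword: first match wins, keywords are
# case-insensitive. Simplification: Include files and Match blocks are ignored;
# on a live host `sshd -T` prints the fully resolved configuration instead.
sshd_value() {
  awk -v key="$2" 'tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# Root login off and password login off (key-only access).
ssh_ok() {
  [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] &&
    [ "$(sshd_value "$1" PasswordAuthentication)" = "no" ]
}

# tcp_syncookies: 0 = off, 1 = used when the SYN backlog overflows, 2 = always.
syncookies_ok() {
  case "$(cat "$1" 2>/dev/null)" in 1|2) return 0 ;; *) return 1 ;; esac
}

# bind-address from a MySQL option file: last occurrence wins, and "-"/"_" are
# interchangeable in option names. Simplification: section headers are ignored.
mysql_bind_value() {
  awk -F= '{ k = $1; gsub(/[ \t]/, "", k); gsub(/_/, "-", k) }
           k == "bind-address" { v = $2; gsub(/[ \t]/, "", v) }
           END { print v }' "$1"
}

# Unset means MySQL listens on every interface, so only explicit loopback passes.
mysql_local_only() {
  case "$(mysql_bind_value "$1")" in
    127.0.0.1|localhost|::1) return 0 ;;
    *) return 1 ;;
  esac
}

report() { if "$@"; then echo "PASS  $*"; else echo "FAIL  $*"; fi; }

# sh audit.sh --audit   (file locations below are assumptions, adjust as needed)
if [ "${1:-}" = "--audit" ]; then
  report ssh_ok /etc/ssh/sshd_config
  report syncookies_ok /proc/sys/net/ipv4/tcp_syncookies
  report mysql_local_only /etc/mysql/mysql.conf.d/mysqld.cnf
fi
```

A FAIL on the MySQL check is acceptable only where a firewall rule restricts the port to a known IP or range, as the reply notes.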
