Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.

Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.

Rolled back to the backup before I made it public and now I have a security checklist.

  • JustEnoughDucks
    25 months ago

    Honestly, crowdsec with the nginx bouncer is all you need security-wise to start experimenting. It isn’t perfect security, but it is way more comprehensive than fail2ban for just getting started and figuring more out later.

    Here is my traefik-based crowdsec docker composer:

    services:
  crowdsec:
    image: crowdsecurity/crowdsec:latest
    container_name: crowdsec
    environment:
      GID: $PGID
    volumes:
      - $USERDIR/dockerconfig/crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml
      - $USERDIR/data/Volumes/crowdsec:/var/lib/crowdsec/data/
      - $USERDIR/dockerconfig/crowdsec:/etc/crowdsec/
      - $DOCKERDIR/traefik2/traefik.log:/var/log/traefik/traefik.log:ro
    networks:
      - web
    restart: unless-stopped

  bouncer-traefik:
    image: docker.io/fbonalair/traefik-crowdsec-bouncer:latest
    container_name: bouncer-traefik
    environment:
      CROWDSEC_BOUNCER_API_KEY: $CROWDSEC_API
      CROWDSEC_AGENT_HOST: crowdsec:8080
    networks:
      - web # same network as traefik + crowdsec
    depends_on:
      - crowdsec
    restart: unless-stopped

networks:
  web:
    external: true

    https://github.com/imthenachoman/How-To-Secure-A-Linux-Server this is a more in-depth crash course for system-level security but hasn’t been updated in a while.

    • @[email protected]
      15 months ago

      That’s rad! Thanks so much for sharing that! Definitely gonna give this a read. Very much appreciated. :)