Delivery-Date: Sun, 05 Jun 2016 18:41:04 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [138.201.14.202])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id B0F571E0056;
	Sun,  5 Jun 2016 18:41:02 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 66B4BE0A2F;
	Sun,  5 Jun 2016 22:40:52 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id EE83CE09C6
 for <tor-talk@lists.torproject.org>; Sun,  5 Jun 2016 22:40:47 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id fzIfCZjQf34J for <tor-talk@lists.torproject.org>;
 Sun,  5 Jun 2016 22:40:47 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 9B537E09C1
 for <tor-talk@lists.torproject.org>; Sun,  5 Jun 2016 22:40:47 +0000 (UTC)
Received: from piha.riseup.net (unknown [10.0.1.163])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id 5C3F21A395F
 for <tor-talk@lists.torproject.org>; Sun,  5 Jun 2016 22:40:44 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1465166444; bh=2tThTZG6T+7IamEjRb9eZDgL8GfPUcQs1KpMlBYHTBI=;
 h=Date:From:To:Subject:In-Reply-To:References:From;
 b=Z6mXOmr6MUzWyqHSjvLFEfPaiHi9+mBrLkJJtHgEHO+XaxYx5hhLKb9JhU6dHEKoU
 Cfrx8GraGYRKgbZuUyk5ZwPy7wTLoUSguqOE8zSP/ntfas0nDCu0kW31T54LnQ6PMT
 TZpj35NIvh0t6jidfpcCmqKwPkMpRoOeNxioNp2o=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: notfriendly) with ESMTPSA id 418491C0072
MIME-Version: 1.0
Date: Sun, 05 Jun 2016 18:40:44 -0400
From: notfriendly@riseup.net
To: tor-talk@lists.torproject.org
In-Reply-To: <D4EA7C86C91.0000033Fbeatthebastards@inbox.com>
References: <5754a3ed.9040606@riseup.net> <1050651465068654@web3m.yandex.ru>
 <4855581465159002@web17m.yandex.ru>
 <D4EA7C86C91.0000033Fbeatthebastards@inbox.com>
Message-ID: <031551b67faca7cfbb1b5c2c3d3468f3@riseup.net>
Subject: Re: [tor-talk] Any updates on hardening a Debian VPS?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 2016-06-05 18:35, I wrote:
> What are the current best things to do to a Debian VPS to stop being
> puppeted by clever dicks?
> 
> Robert

I have a few suggestions:

* Use SSH Key Based Authnication only (no password based login)
* Update your software frequently
* Enable IPTables and only allow ports that you utilize, if you have a 
static ip address only allow connections to ssh from that ip address
* Enable Tripwire to detect changes to system files

Good luck with securing your VPS
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

