
[Help] Debian latest release - first steps in securing when its already on the internet?

Hi all,

Greetings to fellow Unix and Linux users. I've worked with a variety of flavors - HP-UX, AIX, Solaris, BSD, RedHat, Fedora, RHEL, Gentoo, Ubuntu, Debian.
The problem is that I am trying to install apps on a virtual server that once booted is on the internet. Nice, but no security configurations other than out of the box.
So, what are the steps you would take in less than 5 minutes (enough time for a hacker to notice the server)?
I've created a set of bash scripts that does IPv4/6 monitoring from logfiles, and drops hack attempts via iptables, but that may change with use of nftables in the newest release. Same with PSAD instead of portsentry.
The old Ubuntu server used ssh, fail2ban, the apps, the databases, the web servers and portsentry to kill portknocking attempts and iptables to DROP suspicious connections.
Any advice on how to use nftables like this iptables command:
sudo iptables -A INPUT -s a.b.c.d -j DROP if an alert gets tripped in auth.log or other logfiles?
The server is an internet ready Debian VPS, that runs the OS, scripts, four apps, 2 databases (PostgreSQL, MySQL), Fail2Ban, ssh, Apache and NGINX.
The apps are for multimedia play planning and streaming using relays, to setup an internet radio station.
I am planning to write an audit script in Python once I learn Python, to secure a server using the CIS document.

Thanks!!
Post automatically merged:

Got into server after four hours of trying to hack at it, and got to root, copied scripts to server, installed fail2ban and portsentry; configuring this week and hopefully will be up Friday.
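The nftables equivalent of appending a per-address DROP rule when auth.log trips, as an added example (not from the thread or any of its posters): nftables keeps blocked addresses in a set and matches the set with a single rule, so "blocking a.b.c.d" becomes adding an element rather than adding a rule. Table and set names (inet filter, sshd_block4/6), the threshold, and the sample log lines are assumptions made for the example; the script only prints the nft commands so they can be reviewed before being piped to sh as root.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: an nftables counterpart of
#   iptables -A INPUT -s a.b.c.d -j DROP
# driven by failed-login lines in auth.log.
# Table/set names (inet filter, sshd_block4/6) and THRESHOLD are assumptions.
# The script only PRINTS nft commands; pipe its output to sh as root to apply.
set -eu

NFT_TABLE="inet filter"   # family + table name, as nft expects them
THRESHOLD=3               # failed logins before an address is blocked

# Constructed sample auth.log lines (sshd format), not captured traffic.
SAMPLE_LOG='Mar  3 10:01:12 vps sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:15 vps sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:01:19 vps sshd[2103]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:02:01 vps sshd[2110]: Failed password for root from 2001:db8::bad port 40010 ssh2
Mar  3 10:02:02 vps sshd[2110]: Failed password for root from 2001:db8::bad port 40011 ssh2
Mar  3 10:02:03 vps sshd[2110]: Failed password for root from 2001:db8::bad port 40012 ssh2
Mar  3 10:02:10 vps sshd[2112]: Accepted publickey for deploy from 198.51.100.20 port 33000 ssh2
Mar  3 10:03:00 vps sshd[2115]: Failed password for root from 198.51.100.99 port 33444 ssh2'

# One-time setup: table, input chain, one set per address family, and one
# drop rule per set. Blocking an address is then a set update, not a new
# rule, which is the main difference from appending iptables rules.
setup_cmds() {
    printf 'nft add table %s\n' "$NFT_TABLE"
    printf "nft add chain %s input '{ type filter hook input priority 0; policy accept; }'\n" "$NFT_TABLE"
    printf "nft add set %s sshd_block4 '{ type ipv4_addr; }'\n" "$NFT_TABLE"
    printf "nft add set %s sshd_block6 '{ type ipv6_addr; }'\n" "$NFT_TABLE"
    # insert (not add) puts the drop ahead of any accept rules in the chain
    printf 'nft insert rule %s input ip saddr @sshd_block4 drop\n' "$NFT_TABLE"
    printf 'nft insert rule %s input ip6 saddr @sshd_block6 drop\n' "$NFT_TABLE"
}

# Read log text on stdin; print each source address that has at least
# THRESHOLD "Failed password" lines. Handles IPv4 and IPv6 literals.
offenders() {
    grep -E 'sshd\[[0-9]+\]: Failed password' \
      | sed -nE 's/.* from ([0-9a-fA-F.:]+) port .*/\1/p' \
      | sort | uniq -c \
      | awk -v t="$THRESHOLD" '$1 >= t { print $2 }'
}

# Print the command that adds one address to the set for its family.
block_cmd() {
    addr=$1
    case $addr in
        *:*) set_name=sshd_block6 ;;   # IPv6 literal
        *)   set_name=sshd_block4 ;;
    esac
    printf "nft add element %s %s '{ %s }'\n" "$NFT_TABLE" "$set_name" "$addr"
}

# Stand-alone run: show the setup, then one block command per offender.
setup_cmds
printf '%s\n' "$SAMPLE_LOG" | offenders | while read -r a; do block_cmd "$a"; done
```

On a live box, replace the embedded sample with `tail` of /var/log/auth.log (or `journalctl -u ssh`) and run setup_cmds once; after that only the `nft add element` lines need to be applied as new offenders appear. Fail2Ban's nftables actions do the same set-based blocking, so the script is mainly useful for understanding what those actions issue, or for log sources Fail2Ban has no jail for.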

WeirdGnome

Well, I use Debian as my main system on the desktop.
Dunno for servers, but these are the apps I install after a fresh Debian with the MATE desktop.
I install and enable UFW (Uncomplicated Firewall) and its GUI frontend GUFW.
Then I install Firejail to run unsafe programs like web browsers and others in a sandbox.
As a free user of protonmail.com I'm allowed to use their VPN, so I configure that next.
After that I install the update-package-indicator to have a nice update manager in the tray.


Any advice on how to use nftables like this iptables command:
Try Uncomplicated Firewall. iptables sucks.

There's no such thing as privacy or safety even on Linux. There are backdoors installed in all the hardware and we can't do anything about this.

Cdgwaddell

There's no such thing as privacy or safety even on Linux. There are backdoors installed in all the hardware and we can't do anything about this.
You just mentioned iptables and a firewall... You literally can cut the hardware off from communication with whomever they're sending back to by monitoring network traffic.

But I agree there is no such thing as a secure machine in today's day and age unless you consider an abacus buried 15 feet under concrete with 0 access rendering it a useless machine.

KjEno186

Well, I use Debian as my main system on the desktop.
Dunno for servers, but these are the apps I install after a fresh Debian with the MATE desktop.
I install and enable UFW (Uncomplicated Firewall) and its GUI frontend GUFW.
Having been on Linux Mint for the longest time, I distro hopped to MX-23. I like it. Granted, I'm not the sort to use Arch. I just want to install and use the operating system to DO stuff, not tweak the OS. I've tried lots of distros over the years (since the mid 2000s), so it's hard to say when the next hop will take place. MX does include UFW & GUFW by default, and it is turned on by default. I've tried some distros in the past that didn't include UFW, or if they did, left it 'off' by default. MX-23 is based directly on Debian from what I can tell, though Flatpaks are available from the software installer.

I cannot speak to running servers, but for the desktop Linux is like locking your car door and activating the alarm while Windows is like leaving it unlocked and leaving the keys in the glove compartment. The criminal will go for the low hanging fruit, usually...

The greatest insecurity of all is the user. It's harder to compromise a Linux installation, and generally Linux users are more competent with the operating system. Windows can be secure (for servers). Decades of insecure desktop usage made the general public expect insecurity as common and unavoidable. Users with little technical knowledge led to phishing scams galore, for example, which is the most common way that hackers have gotten access to information. I also think that some 'hacking' claims are actually internal company error. Someone in the company makes a mistake which leaves a database open to be viewed, the data is found and 'stolen,' and to save face the public claim is made that the database was 'hacked.'

By all means, use whatever methods you have at your disposal to secure your VM, but you're not going to be discovered by hackers in five minutes.
This thread can be closed as I'm not on the project any longer.
I do appreciate all the input on the threads regarding the project.