Do you have any tutorials or guides on this handy?
Now that’s a deeeeep rabbit hole. I tend to go overboard on hardening and security, however, one good place to start is installing Lynis and running a scan. Lynis will spit out a rather extensive list of areas you need to harden or adjust and a score for your server. It will also give links where you can go and read up on the specific item in question. Now, not every one of the bullets in the list will apply, but you should give each careful consideration. Lynis is Free and Open Source Software (FOSS).
- Site: cisofy.com/lynis/
- Install: apt-get install lynis
- Run: lynis audit system
I ran a scan just for demonstration purposes so you can see what the end results are. This is just a snippet:
* Configure minimum password age in /etc/login.defs [AUTH-9286]
    https://cisofy.com/lynis/controls/AUTH-9286/
* Configure maximum password age in /etc/login.defs [AUTH-9286]
    https://cisofy.com/lynis/controls/AUTH-9286/
* Default umask in /etc/login.defs could be more strict like 027 [AUTH-9328]
    https://cisofy.com/lynis/controls/AUTH-9328/
* To decrease the impact of a full /home file system, place /home on a separate partition [FILE-6310]
    https://cisofy.com/lynis/controls/FILE-6310/
* To decrease the impact of a full /tmp file system, place /tmp on a separate partition [FILE-6310]
    https://cisofy.com/lynis/controls/FILE-6310/
* To decrease the impact of a full /var file system, place /var on a separate partition [FILE-6310]
    https://cisofy.com/lynis/controls/FILE-6310/
Be mindful of where you get your hardening tutorials. There are hundreds of thousands out there. I would stick with authoritative sources.
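Added example, not part of the post above: a small shell helper that groups Lynis suggestions by control ID, so a long list collapses into one line per control with its reference link. The function names are made up for illustration, and the input is assumed to look like the snippet quoted in the post ("* text [ID]" followed by a URL line); the sample is built from that snippet.

```shell
#!/bin/sh
# Added example: collapse Lynis suggestions into one line per control ID.
# Assumption: suggestions look like the snippet in the post, i.e.
#   * <text> [TEST-1234]
#       https://cisofy.com/lynis/controls/TEST-1234/

# Constructed sample input, copied from the snippet quoted in the post.
sample_lynis_output() {
    cat <<'EOF'
* Configure minimum password age in /etc/login.defs [AUTH-9286]
    https://cisofy.com/lynis/controls/AUTH-9286/
* Configure maximum password age in /etc/login.defs [AUTH-9286]
    https://cisofy.com/lynis/controls/AUTH-9286/
* Default umask in /etc/login.defs could be more strict like 027 [AUTH-9328]
    https://cisofy.com/lynis/controls/AUTH-9328/
* To decrease the impact of a full /home file system, place /home on a separate partition [FILE-6310]
    https://cisofy.com/lynis/controls/FILE-6310/
* To decrease the impact of a full /tmp file system, place /tmp on a separate partition [FILE-6310]
    https://cisofy.com/lynis/controls/FILE-6310/
* To decrease the impact of a full /var file system, place /var on a separate partition [FILE-6310]
    https://cisofy.com/lynis/controls/FILE-6310/
EOF
}

# Reads suggestion text on stdin, prints "COUNT ID URL" per control,
# in the order each control first appears.
summarize_lynis() {
    awk '
        # Suggestion line: ends with the control ID in square brackets.
        match($0, /\[[A-Z]+-[0-9]+\][ \t]*$/) {
            id = substr($0, RSTART + 1, RLENGTH)
            sub(/\].*$/, "", id)            # drop the closing bracket
            count[id]++
            if (!(id in seen)) { seen[id] = 1; ids[++n] = id }
            last = id
            next
        }
        # A URL line belongs to the most recent suggestion.
        /https?:\/\// && last != "" {
            u = $0
            gsub(/^[ \t]+|[ \t]+$/, "", u)  # trim indentation
            url[last] = u
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%d %s %s\n", count[ids[i]], ids[i], url[ids[i]]
        }
    '
}

sample_lynis_output | summarize_lynis
```
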
melroy@kbin.melroy.org 11 hours ago
Caddy is also fine.
I wrote a blog about server hardening and you might find it useful: https://blog.melroy.org/2023/server-hardening/