[tor-relays] securing a VPS [High speed exit]

Dan Rogers dan at holdingitwrong.com
Thu Feb 6 13:06:00 UTC 2014 

 

Hi Craig, 

Fail2Ban, key only login, firewall, and timely updates will probably
cover 99% of your risks (although I'd also suggest disabling / removing
any unused services), however if you want to go further this is an
excellent guide to linux security;
http://crunchbang.org/forums/viewtopic.php?id=24722 . 

Cheers, 

Dan 

On 2014-02-06 07:04, Craig C-S wrote: 

> Thanks all for the advice! 
> 
> Things to do: 
> - I'll be looking to run Moxie Marlinspike's knockknock daemon soon as that seems like a superior solution to port knocking and rate limiting. (big fan of his work on TextSecure and RedPhone!) 
> - Run OpenSSH as a hiddenservice. This seems obvious now but had not occurred to me. 
> - Look into Fail2Ban and DenyHosts and implement them. 
> 
> Done and thank you for the reminders! 
> - Automated daily updates via emerge 
> - Server hardening done with hardened-gentoo 
> - Moved to key auth for ssh 
> 
> Alan: 
> I'll keep you and the community updated if soyoustart.com [2] (OVH) has any problem with the exit. Beyond forgetting to ban exits to 25 they have not said anything! 
> 
> Thanks Alan, David and Robert! 
> 
> Craig 
> 
> On Wed, Feb 5, 2014 at 5:12 PM, I <beatthebastards at inbox.com> wrote:
> 
>> Also, if you know how set the operating system to update automatically to keep it secure.
>> 
>> Robert
>> 
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays [1]
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays [1]

-- 

Dan Rogers 
+44 7539 552349
skype: dan.j.rogers 
gpg key [3] 
linkedin [4] | songkick [5] | twitter [6] | spotify [7] | music [8] 

Links:
------
[1] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[2] http://soyoustart.com
[3] https://secure.techwang.com/gpg/public_key.txt
[4] http://www.linkedin.com/in/danrogerslondon
[5] http://www.songkick.com/users/music-is-math
[6] http://twitter.com/danjrog
[7] http://open.spotify.com/user/bonkbonkonk
[8] http://holdingitwrong.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140206/397230dc/attachment.html>

More information about the tor-relays mailing list