New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
rm /usr/sbin/sshd; reboot
Well, I mean..that's pretty secure.
Edit: Also the best way to idle.
unattended-upgrades
That has been the intention.
I start by setting up an OpenBSD server
That's the front facing box (web head reverse proxy). Everything of consequence, apps, databases, are on backend boxes in DMZ (i.e. not accessible from the internet, not acceessible over ipv4 at all, ipv6 only).
I begin with adding "spectre_v2=off nopti" to boot parameters.
Why not go all the way?
noibrs noibpb no_stf_barrier l1tf=off kvm-intel.vmentry_l1d_flush=never nospec nospec_store_bypass_disable nopti nospectre_v2
EDIT:
And the microcode on intel, debian/ubuntu:
apt-get -y purge intel-microcode; reboot
Usually I follow up the guide on digitalocean:
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04
Gotta say you guys are all hardcore with all that destructive rm -rf / and shutdown -h shit.
Back in my days, a good prank was to add /bin/false to /etc/shells and replace whatever bash, zsh, csh as login shell with /bin/false.
It was both secure and non destructive, it even allowed users to use FTP and if they were chrooted to their ~/ or /tmp with write disabled, it was secure.
Kids these days all they know is destructive shit and DDoSing the fuck out of each other.
What a sad time to live in...
I usually setup ConfigServer Security & Firewall (csf) instead of ufw.
Great benchmark script. The best one I’ve ever used. We should let more people know your awesome work!
@PINGAPAC
Now, if you have a read of my benchmark, you'll find that it's not destructive in the slightest.
For getting people to read and review shit before running it...it's pretty damn good.
Nice work \o Scare the read into people.
Why csf instead of ufw?
Have you seen this one yet?
https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/
/hardcore/assholes/
Sounds hot
Yeah, pretty sure that's a pornhub category.
Looks like a directory to me.
Some reason when doing rm -rf after I pull out turns everything off?
No idea.
Never tried.
@JohnMiller92 you and your computer kinks.
Close this thread please.
I'm sorry you feel that way.
There are more settings to play with.
Alright. Will try it out on the next setup \o
Because, some parameters, including "noibrs" "noibpb" (with "spectre_v2=off") and "kvm-intel.vmentry_l1d_flush=never" (with "l1tf=off") and "no_stf_barrier" (except on powerpc) and "nospec", are as useless as your award-winning comment.
"l1tf=off" not needed, because, no KVM within my VPS.
"nospec_store_bypass_disable", well, too long to key in -- dismiss !!
So what would the name of said award be?
Collect them all!
/Good/luck/with/your/budget/.