Operate a stakepool : Hardening server guide #1089
Conversation
Add Hardening Server section
There was a problem hiding this comment.
Would be welcome addition, but just need to align as per styling guide, and maybe move the page to deployment scenarios - alongside "improve grafana security" (or in basics)
Accordingly added a few comments
fill-the-fill
added
stake pool operators
There was a problem hiding this comment.
re: 2f35a45 & #1089 (comment)
@Kirael12 we cannot include this material in the Basics section because it is not obligatory. For instance, the use of fail2ban is a popular but arbitrary choice considering all the alternatives including banning IP addresses manually (which incidentally has worked for our own pool for nearly 3 years).
Therefore @rdlrt according to our original conception of Deployment Scenarios #737 (comment) I have had to move it back there.
@Kirael12 the use of the term "deployment" has nothing to do with platforms nor containers: rather, these are methods that operators might choose to deploy in their operating environment which are not strictly required... which applies to most of the items on this new page.
Checklist
yarn buildafter adding my changes without getting any errors.Updating documentation or Bugfix
I created a "Hardening Server" section which describes in 10 steps how to secure an Ubuntu server (22.04 LTS or 20.04 LTS) before installing Cardano Node :
1- Create a non-root user for your Cardano node
2- Disable root
3- Update System
4- Activate Unattended-upgrades for automatic security updates
5- Generate SSH keys
6- Hardening SSH configuration
7- Firewall configuration
8- Fail 2 ban installation and configuration
9- /etc/sysctl.conf hardening
10- Shared Memory hardening