Operate a stakepool : Hardening server guide #1089
Add Hardening Server section
Would be a welcome addition, but just need to align as per styling guide, and maybe move the page to deployment scenarios - alongside "improve grafana security" (or in basics).
Accordingly added a few comments.
re: 2f35a45 & #1089 (comment)
@Kirael12 we cannot include this material in the Basics section because it is not obligatory. For instance, the use of fail2ban is a popular but arbitrary choice considering all the alternatives including banning IP addresses manually (which incidentally has worked for our own pool for nearly 3 years).
Therefore @rdlrt according to our original conception of Deployment Scenarios #737 (comment) I have had to move it back there.
@Kirael12 the use of the term "deployment" has nothing to do with platforms nor containers: rather, these are methods that operators might choose to deploy in their operating environment which are not strictly required... which applies to most of the items on this new page.
Checklist
`yarn build` after adding my changes without getting any errors.
Updating documentation or Bugfix
I created a "Hardening Server" section which describes in 10 steps how to secure an Ubuntu server (22.04 LTS or 20.04 LTS) before installing Cardano Node:
1- Create a non-root user for your Cardano node
2- Disable root
3- Update System
4- Activate Unattended-upgrades for automatic security updates
5- Generate SSH keys
6- Hardening SSH configuration
7- Firewall configuration
8- Fail2ban installation and configuration
9- /etc/sysctl.conf hardening
10- Shared Memory hardening