Started off by
- Enabling unattended updates
- Enable only ssh login with key
- Create user with sudo privileges
- Disable root login
- Enable ufw with necessary ports
- Disable ping
- Change ssh default port 21 to something else.
Got the ideas from networkchuck
Did this on the proxmox host as well as all VMs.
Any suggestions?
automatic updates is a great strategy for breaking the system
Automatic backups are great for recovering from broken updates lol
agreed. i do daily backups for everything to s3
Some would argue that not having them, is a great strategy for breaking in the system :P