Disclaimer: this is not a complete list, and should only be used as a starting point to sanity check new Virtual Server deployments.

- Change your default SSH port
- Disable root SSH login
- Disable SSH password auth
- Enable iptables/nftables
- Configure iptables
- Enable two factor auth in PAM
- Properly set up sudo
- Set up a YubiKey and/or google-authenticator
- Disable TLSv1, SSLv2, and SSLv3 on all of your services
- Enforce decent crypto algorithms
- Enable auditd
- Enable and configure SELinux
- Configure services to run on private addresses (127.
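The first SSH items on the checklist can be sanity-checked mechanically. The following is an added example written for this page (not the author's own tooling): it parses the global section of an `sshd_config` and reports which of the checklist items are still at their weak default. The two config texts are constructed for the example, and the OpenSSH defaults assumed when a keyword is absent (`Port 22`, `PermitRootLogin prohibit-password`, `PasswordAuthentication yes`, `KbdInteractiveAuthentication yes`, `UsePAM no`) are the documented ones.

```python
"""Audit an sshd_config against the SSH items of the checklist above.
Added example for this page; the config texts are constructed, not from a real host."""

WEAK = """\
# constructed sshd_config: a fresh install's typical state
Port 22
PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
"""

HARDENED = """\
# constructed sshd_config: checklist applied
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
KbdInteractiveAuthentication yes
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
Match User backup
    PasswordAuthentication yes
"""


def parse_sshd_config(text):
    """Return the global (pre-Match) directives as {lowercased keyword: value}.
    Only the first occurrence of a keyword counts, which is how sshd resolves it."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break   # Match blocks are conditional; the global defaults are what we audit
        directives.setdefault(key, value)
    return directives


def audit_sshd_config(text):
    """Return a list of checklist findings; an empty list means the SSH items pass."""
    d = parse_sshd_config(text)
    findings = []
    # fall-back values mirror OpenSSH's own defaults when a keyword is absent
    if d.get("port", "22") == "22":
        findings.append("Port: still on the default 22")
    if d.get("permitrootlogin", "prohibit-password") != "no":
        findings.append("PermitRootLogin: root login is not fully disabled")
    if d.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication: password auth is enabled")
    # PAM-based second factor (google-authenticator) needs UsePAM plus keyboard-interactive
    kbd = d.get("kbdinteractiveauthentication",
                d.get("challengeresponseauthentication", "yes"))
    if d.get("usepam", "no") != "yes" or kbd != "yes":
        findings.append("PAM two-factor: UsePAM and KbdInteractiveAuthentication must both be yes")
    if "authenticationmethods" not in d:
        findings.append("AuthenticationMethods: not set, so a single factor is enough to log in")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_sshd_config(cfg) or "OK")
```

Run it against `/etc/ssh/sshd_config` by reading the file into `audit_sshd_config`; the `Match` cut-off is deliberate, since a per-user override such as the `backup` block above is a conscious exception rather than the host default the checklist is about.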
I’ve been hosting my own DNS for a while now. Going on... hmm... let’s see, I started that job in 2011, and I had been hosting from home... probably 9 years. And I have a confession: I made a rookie mistake. My name servers didn’t match my registrar’s glue records. Essentially, glue records are the NS records your registrar provides to find your name servers. My bad... seems that some of my secondary domains have been missing email for a while now.
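The mismatch described above is easy to check for once you have both record sets in hand: the NS names and glue addresses the registrar publishes in the parent zone, and the NS and A records the zone itself serves. The following is an added example written for this page (not the author's code) that compares the two sides after normalizing case and trailing dots; the record sets are constructed and use documentation addresses. Fetching the live records (for instance with `dig` against the parent's servers and then against your own) is left to the caller so the check runs offline.

```python
"""Compare registrar-side delegation (glue) with the child zone's own NS/A records.
Added example for this page; the sample record sets below are constructed."""


def normalize(name):
    """DNS names compare case-insensitively and with or without the trailing dot."""
    return name.rstrip(".").lower()


def compare_delegation(parent_ns, child_ns):
    """parent_ns / child_ns: {nameserver name: set of glue or A addresses}.
    Returns every way the two sides disagree; an empty report means they agree."""
    parent = {normalize(n): set(a) for n, a in parent_ns.items()}
    child = {normalize(n): set(a) for n, a in child_ns.items()}
    report = {
        # name servers the zone lists but the registrar does not delegate to
        "missing_at_registrar": sorted(set(child) - set(parent)),
        # name servers the registrar still delegates to but the zone no longer lists
        "stale_at_registrar": sorted(set(parent) - set(child)),
        # same name on both sides, but glue addresses differ from the zone's A records
        "address_mismatch": {},
    }
    for name in set(parent) & set(child):
        if parent[name] and child[name] and parent[name] != child[name]:
            report["address_mismatch"][name] = {
                "registrar": sorted(parent[name]),
                "zone": sorted(child[name]),
            }
    return report


def delegation_consistent(parent_ns, child_ns):
    """True when the registrar's delegation and the zone's NS set agree exactly."""
    r = compare_delegation(parent_ns, child_ns)
    return not (r["missing_at_registrar"] or r["stale_at_registrar"] or r["address_mismatch"])


# constructed sample: the registrar still points at a retired secondary
REGISTRAR_GLUE = {
    "ns1.example.net.": {"192.0.2.10"},
    "old-ns2.example.net.": {"192.0.2.11"},
}
ZONE_NS = {
    "NS1.example.net": {"192.0.2.10"},
    "ns2.example.net": {"192.0.2.20"},
}

if __name__ == "__main__":
    print(compare_delegation(REGISTRAR_GLUE, ZONE_NS))
```

A stale entry is the case that loses mail quietly: resolvers that happen to pick the retired secondary from the parent's delegation get no answer for the MX lookup, while those that pick a live server see nothing wrong, so the failure is intermittent rather than total.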