Nitrokey / nextbox

NextBox
GNU General Public License v3.0

extra hardening? #25

Open jerabaul29 opened 2 years ago

jerabaul29 commented 2 years ago

Are there any additional steps users can take to extra harden their nextbox that are not enabled by default? Should there be a list of such possible hardening measures? There are at least a few Nextcloud featured apps that can help:

Anything more? And any additional hardening of the RPi and its OS by themselves? Is UFW enabled for example? Anything more that would be doable?

daringer commented 2 years ago

nope, haven't been looking into extra hardening, yet. But happily added this issue and its first hints as a documentation todo to make this available for more ppl.

Overall we will mainly focus on Nextcloud settings/configuration and apps to approach this target. Unfortunately, we have to draw lines in terms of scope for especially the documentation, otherwise it will end up as a linux-handbook :nerd_face:

jerabaul29 commented 2 years ago

Sounds good :) .

I think it would make sense to harden the Linux distro the RPi is running as much as possible 'from factory'. Some of the steps (like UFW with a default restrictive policy that is just enough for HTTP, HTTPS, SSH) would make quite a difference but still be very little work (just a tiny bit of auto install and config) I guess? :) .
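
The UFW baseline described in the comment above, written out as an added example (this is not code from the nextbox project or from the commenter). It assumes ufw is installed on the Raspberry Pi (`apt install ufw`), that SSH listens on `$SSH_PORT` (default 22), and that the box serves nothing but HTTP, HTTPS and SSH. The plan is printed before it is applied, and the apply step refuses to run if the plan would leave SSH unreachable, because enabling ufw over an SSH session without an SSH rule drops that session.

```shell
#!/bin/sh
# Added example, not part of nextbox: a minimal UFW baseline for a NextBox-style
# Raspberry Pi. Assumes ufw is installed and SSH listens on $SSH_PORT (assumption).

SSH_PORT="${SSH_PORT:-22}"

# The baseline as a list of ufw commands, one per line. Kept separate from
# applying it so the plan can be reviewed before the live firewall is touched.
# "limit" rate-limits SSH (ufw blocks a source after repeated connections in a
# short window), which blunts password brute force without blocking logins.
ufw_plan() {
    cat <<EOF
ufw --force reset
ufw default deny incoming
ufw default allow outgoing
ufw limit ${SSH_PORT}/tcp comment SSH-rate-limited
ufw allow 80/tcp comment HTTP
ufw allow 443/tcp comment HTTPS
ufw --force enable
EOF
}

# Lockout guard: a safe plan denies incoming by default and still keeps SSH
# reachable via a limit or allow rule on the SSH port.
ufw_plan_is_safe() {
    plan=$(ufw_plan)
    echo "$plan" | grep -q '^ufw default deny incoming$' || return 1
    echo "$plan" | grep -Eq "^ufw (limit|allow) ${SSH_PORT}/tcp" || return 1
    return 0
}

# Apply the plan line by line; needs root. Stops at the first failing command.
ufw_apply() {
    ufw_plan_is_safe || { echo "refusing: plan would lock out SSH" >&2; return 1; }
    ufw_plan | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1   # exits the pipeline subshell, so ufw_apply returns non-zero
    done
}

case "${1:-plan}" in
    plan)  ufw_plan ;;
    apply) ufw_apply ;;
    *)     echo "usage: $0 [plan|apply]" >&2; exit 2 ;;
esac
```

Run `sh ufw-baseline.sh` to print the plan and `sudo sh ufw-baseline.sh apply` to enforce it; `ufw status verbose` afterwards should show `Default: deny (incoming), allow (outgoing)` and exactly the three service rules. If SSH is on a non-default port, export `SSH_PORT` first, otherwise the guard will refuse and the firewall stays untouched.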

jerabaul29 commented 2 years ago

About hardening external connections especially SSH, a few possible directions: