2020-01-29 10:05:21 +00:00
|
|
|
## PHP inections
|
|
|
|
|
|
|
|
|
|
See phpmalwarescanner
|
|
|
|
|
|
|
|
|
|
|
2020-01-28 12:40:31 +00:00
|
|
|
## Firewall
|
|
|
|
|
|
|
|
|
|
### Ports I need
|
|
|
|
|
|
|
|
|
|
Incoming - DROP except:
|
|
|
|
|
* http/s (nginx)
|
|
|
|
|
* 8448 (synapse - with TLS through nginx)
|
|
|
|
|
* ssh
|
|
|
|
|
* icmp
|
|
|
|
|
* ftp
|
|
|
|
|
|
|
|
|
|
Outgoing - ACCEPT all
|
|
|
|
|
|
|
|
|
|
### Using UFW
|
|
|
|
|
|
|
|
|
|
* Enable IPv6 in `/etc/default/ufw` if not done:
|
|
|
|
|
|
|
|
|
|
IPV6=yes
|
|
|
|
|
|
|
|
|
|
* Set default rules e.g.:
|
|
|
|
|
|
|
|
|
|
ufw default deny incoming
|
|
|
|
|
ufw default allow outgoing
|
|
|
|
|
|
|
|
|
|
* Configure more rules:
|
|
|
|
|
|
|
|
|
|
ufw [allow|deny|reject|limit] [in|out] [protocol|port]
|
|
|
|
|
|
|
|
|
|
See `ufw.sh`.
|
