sudo nano /etc/ssh/sshd_config
Port 2222
PermitRootLogin no
PasswordAuthentication no
ssh-keygen -t rsa -b 4096
ssh-copy-id kullanıcı@sunucu_ip
sudo systemctl restart ssh
adduser emre
usermod -aG sudo emre
usermod -L kullanici_adi
sudo visudo
sudo apt install ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2222/tcp
sudo ufw enable
sudo ufw status verbose
sudo apt install fail2ban
# /etc/fail2ban/jail.local
[sshd]
enabled = true
port = 2222
maxretry = 5
sudo systemctl enable --now fail2ban
systemctl list-units --type=service
sudo systemctl disable bluetooth.service
sudo systemctl stop bluetooth.service
find / -perm -o+w -type f
ls -ld /root /etc /var
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
journalctl -p 3 -xb
sudo less /var/log/auth.log
sudo less /var/log/syslog
tail -f /var/log/auth.log
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
sudo apt install chkrootkit lynis
sudo chkrootkit
sudo lynis audit system
Lokal sunucularda fiziksel erişim kısıtlaması, BIOS şifresi, USB boot engellemesi gibi fiziksel güvenlik önlemleri de ihmal edilmemelidir.