Inspired by this comment to try to learn what I’m missing.
- Cloudflare proxy
- Reverse Proxy
- Fail2ban
- Docker containers on their own networks
Another concern I have is does it need to be on a separate machine on a vlan from the rest of the network or is that too much?
111·7 months ago- Fail2ban
- UFW
- Reverse Proxy
- IPtraf (monitor)
- Lynis (Audit)
- OpenVas (Audit)
- Nessus (Audit)
- Non standard SSH port
- CrowdSec + Appsec
- No root logins
- SSH keys
- Tailscale
- RKHunter