by mihaigalos 1246 days ago
I've taken steps to secure my Linux:

* Using YubiKey PAM always as a 2FA for ssh, sudo (also on every Linux in my home network).

* Always require authentication on each sudo command (prevents escalating once and then reusing privileges).

* Only running Docker with sudo as recommended (requires 2FA now).

* Closing all traffic other than services I need with nftables.

* Regularly look at journalctl for suspicious activity.

1 comment

Also, I have a Google Authenticator as a fall-back in case the 1st YubiKey PAM fails or I have no access to the internet to contact the Yubico servers for token validation.

Perhaps somebody can confirm if it's a good idea or not, but I like to generate only 1 emergency code for Authenticator (the least) and then delete that line in ~/.google-authenticator. Also, permissions of 400.

In case you're interested, check it out in code here: https://github.com/mihaigalos/config/blob/main/services/pam/...
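
A check for the state the comment above describes (mode 400 and a single emergency code), as an added example that is not part of the thread or the linked repository. It assumes the google-authenticator PAM state-file layout (secret on line 1, option lines starting with `" `, then 8-digit emergency codes); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a google-authenticator PAM state file.
# Assumed layout: line 1 = secret, lines starting with '" ' = options,
# remaining 8-digit lines = unused emergency (scratch) codes.
# Function names and the sample file below are constructed for illustration.

# Print the number of emergency codes left in FILE.
count_scratch_codes() {
    awk 'NR > 1 && /^[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]$/ { n++ }
         END { print n + 0 }' "$1"
}

# audit_ga_file FILE [MAX_CODES]: print findings; return 0 only if clean.
audit_ga_file() {
    file=$1; max_codes=${2:-1}; rc=0
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }
    mode=$(stat -c '%a' "$file")    # GNU/busybox stat (Linux)
    if [ "$mode" != "400" ]; then
        echo "PERMS mode is $mode, expected 400"; rc=1
    fi
    codes=$(count_scratch_codes "$file")
    if [ "$codes" -gt "$max_codes" ]; then
        echo "CODES $codes emergency codes present, expected at most $max_codes"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK mode=$mode codes=$codes"; fi
    return "$rc"
}

# Write a constructed state file (fake secret, five fake codes, mode 600).
write_sample() {
    cat > "$1" <<'EOF'
EXAMPLESECRETNOTREAL234567
" RATE_LIMIT 3 30
" DISALLOW_REUSE
" TOTP_AUTH
11111111
22222222
33333333
44444444
55555555
EOF
    chmod 600 "$1"
}

# Demo: a file with five codes and mode 600 fails both checks.
tmp=$(mktemp) && write_sample "$tmp"
audit_ga_file "$tmp" || true; rm -f "$tmp"
```

Point it at the state file your PAM configuration reads; the non-zero exit status lets a periodic job flag drift in permissions or leftover emergency codes.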