66 points todsacerdoti | 1 comments
bigiain ◴[] No.41911439[source]
I'd strongly suggest adding:

  echo "sudo ufw disable" | at now +5 minutes

as an emergency recovery mechanism before you first run

  sudo ufw enable

That way, if you've screwed up and locked yourself out with your new firewall rules, you can just wait 5 minutes and log back in (instead of paying for remote hands at your datacenter, or blowing away your VPS and rebuilding from scratch).

Remember to re-enable the firewall or stop the at job if everything works for you.

replies(3): >>41911977 #>>41912611 #>>41915925 #
LinuxBender ◴[] No.41915925[source]
Alternately ensure you have console access from the VPS provider's web console / terminal. Then you can safely stop/start sshd, vpn daemons, bork up firewall rules, etc...

On some VPS providers you can also instantly reboot into a rescue full-blown OS that runs in memory and then mount and chroot into whatever disks that need to be fixed.

replies(1): >>41919087 #
1. bigiain ◴[] No.41919087[source]
That's true, but I prefer to ingrain habits that'll work everywhere, instead of relying on stuff like VPS console access which will work fine if you're working on your EC2 instance or your DO droplet, but will not work out so well when it's your home server or colo-ed box that you're trying to remotely secure from a hotel room while traveling.

But as @wink points out, these days you also need to ensure you've actually got at available - which is not guaranteed, especially with cut-down distros like Alpine.
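
The recovery timer discussed in this thread, with a fallback for hosts where at is missing or atd is not running, written as an added example that is not part of any comment above. It assumes a root shell and an installed ufw; `ROLLBACK_CMD`, `DELAY_MIN`, the function names and the `--apply` / `--cancel` switches are invented for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes root and an installed ufw.
# ROLLBACK_CMD, DELAY_MIN and the function names are invented for this sketch.
ROLLBACK_CMD="${ROLLBACK_CMD:-ufw disable}"
DELAY_MIN="${DELAY_MIN:-5}"

# at only fires if the binary exists AND atd is running; else use sleep.
pick_scheduler() {
    if command -v at >/dev/null 2>&1 && pgrep -x atd >/dev/null 2>&1; then
        echo at
    else
        echo sleep
    fi
}

# Arm the rollback and print a handle: "at:<job id>" or "sleep:<pid>".
schedule_rollback() {
    case "$1" in
    at)
        job=$(echo "$ROLLBACK_CMD" | at now + "$DELAY_MIN" minutes 2>&1 |
            sed -n 's/^job \([0-9][0-9]*\) at .*/\1/p')
        [ -n "$job" ] || return 1
        echo "at:$job" ;;
    sleep)
        # nohup so the timer survives the SSH session being cut off.
        nohup sh -c "sleep $((DELAY_MIN * 60)) && $ROLLBACK_CMD" >/dev/null 2>&1 &
        echo "sleep:$!" ;;
    *) return 1 ;;
    esac
}

# Disarm once a fresh login has proven the new rules let you back in.
cancel_rollback() {
    case "$1" in
    at:*) atrm "${1#at:}" ;;
    sleep:*)
        # Kill the sleep first so "&&" short-circuits, then the wrapper.
        pkill -P "${1#sleep:}" 2>/dev/null || true
        kill "${1#sleep:}" 2>/dev/null || true ;;
    *) return 1 ;;
    esac
}
case "${1:-}" in
--apply)
    handle=$(schedule_rollback "$(pick_scheduler)") || exit 1
    ufw enable
    echo "Rollback armed ($handle). Test a NEW login, then: $0 --cancel $handle" ;;
--cancel) cancel_rollback "$2" ;;
esac
```

The timer is armed before `ufw enable` runs, so a failure to schedule it aborts before any rule takes effect.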