Ask HN: How to harden a personal server systematically in 2021?

5 points by henchik ↗ HN
I'm setting up an AWS instance to self-host some sensitive data and would like to harden the OS (ubuntu 20.04) with a well known benchmark e.g. CIS level 1.

The only pre-hardened AMI's come from CIS and cost around $133 per year to run on a t2.micro instance.

I don't want to follow a random 'How to harden your server' article on Github and the free CIS level 1 benchmark PDF would take a week to implement manually and is prone to error.

Based on an afternoon of research all the configuration management tools I've found that implement hardening based on a well know standard e.g. CIS level 1 are only targeted and priced for enterprise customers (Puppet, CIS secureSuite, lockdown enterprise etc.)

Are you aware of any solutions?

1 comment

[ 2.9 ms ] story [ 10.8 ms ] thread
install iptables rules to block connections to all ports apart from ssh and https, depending on your setup. Only allow SSH connections from trusted addresses and / or keys.