CSEC_PUBLIC/How-To-Secure-A-Linux-Server
1
0
Fork 0
mirror of https://github.com/imthenachoman/How-To-Secure-A-Linux-Server.git synced 2025-12-06 17:22:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
IMTheNachoMan
2019-03-07 22:48:29 -05:00
parent 6b3f4a22dd
commit 3a0548fa12
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -34,7 +34,7 @@ An evolving how-to guide for securing a Linux server that, hopefully, also teach
- [NTP Client](#ntp-client) - [NTP Client](#ntp-client)
- [Force Accounts To Use Secure Passwords](#force-accounts-to-use-secure-passwords) - [Force Accounts To Use Secure Passwords](#force-accounts-to-use-secure-passwords)
- [Automatic Security Updates and Alerts](#automatic-security-updates-and-alerts) - [Automatic Security Updates and Alerts](#automatic-security-updates-and-alerts)
- [The Firewall](#the-firewall) - [The Network](#the-network)
- [UFW: Uncomplicated Firewall](#ufw-uncomplicated-firewall) - [UFW: Uncomplicated Firewall](#ufw-uncomplicated-firewall)
- [PSAD: iptables Intrusion Detection And Prevention](#psad-iptables-intrusion-detection-and-prevention) - [PSAD: iptables Intrusion Detection And Prevention](#psad-iptables-intrusion-detection-and-prevention)
- [Fail2ban: Application Intrusion Detection And Prevention](#fail2ban-application-intrusion-detection-and-prevention) - [Fail2ban: Application Intrusion Detection And Prevention](#fail2ban-application-intrusion-detection-and-prevention)
@@ -1103,7 +1103,7 @@ We will use unattended-upgrades to apply **critical security patches**. We can a
([Table of Contents](#table-of-contents)) ([Table of Contents](#table-of-contents))
## The Firewall ## The Network
### UFW: Uncomplicated Firewall ### UFW: Uncomplicated Firewall
@@ -2436,8 +2436,6 @@ Also, as discussed in [issue #29](https://github.com/imthenachoman/How-To-Secure
sudo sed -i -r -e "/\.ifdef MAIN_TLS_ENABLE/ a # added by $(whoami) on $(date +"%Y-%m-%d @ %H:%M:%S")\n.ifdef TLS_ON_CONNECT_PORTS\n tls_on_connect_ports = TLS_ON_CONNECT_PORTS\n.endif\n# end add" /etc/exim4/exim4.conf.template sudo sed -i -r -e "/\.ifdef MAIN_TLS_ENABLE/ a # added by $(whoami) on $(date +"%Y-%m-%d @ %H:%M:%S")\n.ifdef TLS_ON_CONNECT_PORTS\n tls_on_connect_ports = TLS_ON_CONNECT_PORTS\n.endif\n# end add" /etc/exim4/exim4.conf.template
``` ```
1. Add the below to `/etc/exim4/exim4.conf.template` after the `.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS ... .endif` block:
1. Update exim4 configuration to use TLS and then restart the service: 1. Update exim4 configuration to use TLS and then restart the service:
``` bash ``` bash