====== Administration of Linux Servers ======

===== Security / Hardening =====
  * set [[:admin:linux:cli:ssh|SSH]] to a different port than 22 to filter out noise
  * use SELinux or AppArmor
  * use a firewall, e.g. iptables, nftables, [[:admin:linux:firewalld|firewalld]], [[:admin:linux:ufw|ufw]]
  * run services with their own users instead of root
  * remove the world readable bit from config files which contain credentials

===== Media Server =====
  * You can use MergerFS and SnapRAID instead of "regular" [[..:raid|RAID]] for cheaper storage.

==== see also ====
  * [[:admin:linux:hardening|Linux hardening]]
  * [[:admin:linux:security|Linux security]]
  * [[admin:security:start|Security for admins]]
  * [[:admin:network:security|Network security]]