As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).
With shell scripts which run the command but also send me a notification via pushover. I’m running several internet-facing services, and the moment those get run because someone is doing some sleuthing inside the machine, I get notified.
It doesn’t stop people getting in, I’ve set up other things for that – but on the off chance that there is some zero-day that I don’t know about yet, or they’ve traversed the network laterally somehow, the moment they run one of those commands, I know to kill-switch the entire thing.
The thing is, security is an on-going process. Leave any computer attached to the internet long enough and it’ll be gotten into. I don’t trust being able to know every method that can be used, so I use this as a backup.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
I’ve replaced reconnaissance commands (a handful of them found here: https://www.cybrary.it/blog/linux-commands-used-attackers) – whoami, uname, id, uptime, last, etc
With shell scripts which run the command but also send me a notification via pushover. I’m running several internet-facing services, and the moment those get run because someone is doing some sleuthing inside the machine, I get notified.
It doesn’t stop people getting in, I’ve set up other things for that – but on the off chance that there is some zero-day that I don’t know about yet, or they’ve traversed the network laterally somehow, the moment they run one of those commands, I know to kill-switch the entire thing.
The thing is, security is an on-going process. Leave any computer attached to the internet long enough and it’ll be gotten into. I don’t trust being able to know every method that can be used, so I use this as a backup.
That’s a very good idea. Something to think about, especially if you have open ports and are paranoid enough (aren’t we all? Hehe). Thanks