Just a few things about your tutorial:
- (debian) When you're upgrading your system:
apt-get update
apt-get upgrade
is not sufficient, to upgrade kernel and other system programs, you need to do:
apt-get dist-upgrade
Adding "-y" to the command will indicate that the system does not have to ask you questions and the defaut answer is "Yes".
- changing ports for FTP and SSH is not the best solution to counter cracking attempts.
There are so many programs which can tell you how to find opened ports and what service is runned on each of them. A better solution would be fail2ban. "You send me garbage? Ok, I'll ban you for a specific period." I suggest to anyone interested in security to do some searches on fail2ban.
- According to your tutorial, there are things you can only do with root. Maybe I'm forgetting something, but the way you defined the user "pirate" in /etc/sudoers tells to the system "pirate" with the sudo command can do everything on the system. In fact, pirate is another administrator on the machine. Same priviledges in fact.
- What's the purpose of copying the public key of the root in his own ~/.ssh/authorized_keys? An administrator needs to do "ssh localhost" and connect without typing the password? "su -" will be more efficient and "> ~/.ssh/authorized_keys" will just create an empty "~/.ssh/authorized_keys".
Hope this will help you to make your tutorial better!
Bookmarks