1. Security updates/unattended upgrades
2. Sudo user (don't use root directly)
3. Log Rotation
4. SSH. Key based only. Ideally with a passphrase. No root login
5. Firewall. Only open ports that are needed (80,443 etc)
Then you can do other things as needed (private network etc).
1. Security updates/unattended upgrades
2. Sudo user (don't use root directly)
3. Log Rotation
4. SSH. Key based only. Ideally with a passphrase. No root login
5. Firewall. Only open ports that are needed (80,443 etc)
Then you can do other things as needed (private network etc).