There are a few other posts on HN with the same title. Some things to also consider that I had not seen mentioned:
PCI
CIS
Etc…
Include many more things specifically around ssh that you can do outside of fail2ban, also things that are requirements for the above….
These posts are good but slightly miss a lot of security practices that are “standard”. As always the best security is not allowing the system to be connected to anything.
But in the event that you have to have a system with such availability, it’s always best to introduce at least CIS foundations and whatever you see fit for security. Just my .02..
I have received a lot of feedback regarding this. I'm waiting for Ubuntu to update their CIS docs for 24.04, I'll update my post when they do. I keep a lot of my blog posts regularly updated, this post will be one of them.
Try these out - I cook 6-7 nights a week at home. Some really amazing things in Kenji's book.
You may not find exactly what you are looking for in them, since well they read like books, not scientific papers.
Not to mention when credits are applied and how their whole billing cycle works
- there are plenty of companies trying to approach this but when you get into the bigger more complex bills it is still a mystery all around (especially for finance people)
A nodejs closed caption converter. I’m not a developer but can get along just fine for most of my projects.
Funniest part was, I open sourced it. Then a few years and an acquisition later the parent company tried to sell us a tool for converting caption files based off my own code.
I honestly just laughed it off and chalked it up to a really fun experience.
If someone finds my code useful in some way I guess it proves I did something decently.
If they sell it and make $ off of it well yeah it wouldn't be ideal but hey, It's open source, I made it so people can use it.
My friend and I in the room who just laughed, we said "Oh this is cool, what are you using to parse the caption files?" They mentioned my project and I said "Yeah I am the maintainer....." pretty sure nothing else was really said about it after that... Not as fun as you probably hoped but for me it was fantastic.
Fandango is looking to hire remote or hybrid in-person for DevOps roles and engineering roles.
Fandango is the ultimate digital network for all things movies, serving more than 60 million unique visitors per month, according to comScore. Its portfolio features leading online ticketers Fandango, MovieTickets and Flixster; world-renowned movie review site Rotten Tomatoes; and the Movieclips multichannel network on YouTube. Fandango's movie discovery and ticketing innovations can also be found on mobile, social, AI bot and voice platforms from Apple, Facebook, Google, Amazon, and others. Video on-demand service, Vudu offers new release and catalog movies and next-day TV shows to more than 200 million connected, over-the-top (OTT) and mobile devices. In Latin America, the company operates leading online ticketers Ingresso and Fandango Latin America.
Include many more things specifically around ssh that you can do outside of fail2ban, also things that are requirements for the above….
These posts are good but slightly miss a lot of security practices that are “standard”. As always the best security is not allowing the system to be connected to anything. But in the event that you have to have a system with such availability, it’s always best to introduce at least CIS foundations and whatever you see fit for security. Just my .02..