I just spun up a private instance of lemmy on the cheapest Linode. So far so good.
I used the ansible method of installing the instance on the default Debian 11 image from Linode (link below).
I feel a bit worried that there are no firewall instructions in the install documents. And no notes on securing your instance.
Any thoughts on how to set up ufw for a lemmy instance? Or thoughts on other security tips?
A firewall won’t help you much beyond making sure no unwanted ports are open. The ansible install of Lemmy makes sure to only expose the ports 80 and 443 to the outside, which is fine for running a webserver. Additionally, Lemmy sets up a containerised environment for itself, so even if Lemmy is compromised, there is an additional hurdle to overcome if somebody wanted to compromise the underlying server itself.
As a more general security tip, I’d recommend you set up SSH with key based authentication and disable password authentication after you did that. Passwords can be brute forced, completely compromising your server if found.
Also consider changing the port for SSH to some random port >1024 and maybe install fail2ban for good measure.
Thanks! Good insight. For sure password-ssh is disabled and strong crypto used. I think this I’m at “good enough” for what I’m protecting atm.
To piggyback on other comments, a firewall only stops access to services you don’t want people to access.
Presumably you WANT people to access your Lemmy install, so a firewall doesn’t really offer any added protection.
If there’s an exploit in Lemmy, you might get bit, sure. It’s always a case of maintaining good backups, having a response plan in place and taking mitigation steps - patch the underlying OS, subscribe to release and security notifications so you know when an update or issue is found, and have a plan to either rapidly patch or disable services until you can patch them.
If you want to dive into more depth, there’s an awful lot of tooling from fail2ban to Crowdsec’s offerings to a whole slew of SIEM options you could implement to monitor traffic to your host to identify and take action on suspicious and/or outright malicious traffic, but that’s going to have to be a case of you deciding how much risk is okay and how much time you want to invest in mitigating.
It’s one of those 10% of the time can solve 90% of problems thing, so if it’s just a case of ‘well if something happens I’d be annoyed’ it’s maybe not worth investing a huge amount of time beyond updates and basic monitoring.
Great perspective. Thanks. I am running a different production web server with fail2ban, knock and other mitigation strategies in place. In the case of lemmy Linode does automatic backups. I’ll have a think about how much work I want to put into this. A hack or crash would mostly be an annoyance.
So a good exercise for threat modeling is to think through what would happen if your instance is compromised. Are there shared passwords on the machine? Other services? Private user data? Etc. Most likely your answer is there is nothing particularly sensitive on your Lemmy machine. If the instance is compromised they just have access to your compute resources at which point they might try to mine crypto with it or something.
So with that in mind, I might check on your billing model to make sure there isnt any sort of scaling cost they might be able to run up if that happened. Perhaps put some resource usage alarms in place. Im honestly not familiar with Linode, but have a lot of experience with AWS and GCP from my job.
I also recently found a nice general guide to securing a Linux server on GitHub you might find useful or interesting.
Great insights! Yeah, you’re right. There is nothing they can get from the machine that really compromises anything important. It is indeed the compute resources that are what needs to be kept an eye on.
It’s a really good idea to put usage restrictions in place. There are already alerts in place, but I have scaled the triggers way down, as lemmy really doesn’t use a lot of resources ATM. Will look into restrictions also.
