chris/amarth
Archived
1
0
Fork 0
Code Issues 30 Pull requests Projects 1 Releases Packages Wiki Activity Actions

Harden M1 OS: SSH key-only, firewall, audit #33

New issue
Open
opened 2025-09-01 14:10:01 +00:00 by chris · 0 comments
chris commented 2025-09-01 14:10:01 +00:00
Owner
Copy link

Description

  • Implement SSH key-only access, disable root login, create admin users.
  • Configure NixOS firewall rules to only allow necessary management ports.
  • Enable journald audit logging and basic system-level audits.

Priority: P0
Estimate: 8 hours
Acceptance criteria

  • No password SSH login possible; root login disabled.
  • Firewall blocks unexpected ports; admin can still access required services.
  • Audit rules in place and logs stored/rotated.
Description - Implement SSH key-only access, disable root login, create admin users. - Configure NixOS firewall rules to only allow necessary management ports. - Enable journald audit logging and basic system-level audits. Priority: P0 Estimate: 8 hours Acceptance criteria - No password SSH login possible; root login disabled. - Firewall blocks unexpected ports; admin can still access required services. - Audit rules in place and logs stored/rotated.
chris added this to the A - Foundations & Hardened Management Node milestone 2025-09-01 14:10:01 +00:00
chris added the
security
hardening
nix
 labels 2025-09-01 14:10:01 +00:00
chris self-assigned this 2025-09-01 14:10:01 +00:00
chris changed title from A2 — Harden M1 OS: SSH key-only, firewall, audit to Harden M1 OS: SSH key-only, firewall, audit 2025-09-01 14:13:37 +00:00
chris added this to the MVP project 2025-09-03 06:51:58 +00:00
This repository is archived. You cannot comment on issues.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels   
alerts

   
architecture

   
automation

   
backend

   
backup

   
billing

   
ceph

   
ci

   
consul

   
database

   
design

   
developer-experience

   
disaster-recovery

   
docs

   
forgejo

   
git

   
grafana

   
hardening

   
incident-response

   
infra

   
k3s

   
k8s

   
kubernetes

   
monitoring

   
multi-tenancy

   
networking

   
nix

   
nodes

   
onboarding

   
opentofu

   
ops

   
payments

   
policies

   
portal

   
prometheus

   
prototype

   
repo

   
rook

   
runners

   
runtime

   
secrets

   
security

   
setup

   
storage

   
templates

   
terraform

   
tls

   
ui

   
workflow
No labels
alerts
architecture
automation
backend
backup
billing
ceph
ci
consul
database
design
developer-experience
disaster-recovery
docs
forgejo
git
grafana
hardening
incident-response
infra
k3s
k8s
kubernetes
monitoring
multi-tenancy
networking
nix
nodes
onboarding
opentofu
ops
payments
policies
portal
prometheus
prototype
repo
rook
runners
runtime
secrets
security
setup
storage
templates
terraform
tls
ui
workflow
Milestone
Clear milestone
No items
No milestone
A - Foundations & Hardened Management Node
Projects
Clear projects
No items
No project
MVP
Assignees
Clear assignees
No assignees
chris
1 participant
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: chris/amarth#33
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?