From 9e5df0503603959ae8f88f91f7484b39912aecd3 Mon Sep 17 00:00:00 2001 From: who am i Date: Fri, 5 Mar 2021 10:17:45 +0100 Subject: [PATCH] Update page 'This guide should help new users to secure "harden" their Oxen Service Node.' --- ...e-%22harden%22-their-Oxen-Service-Node..md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node..md b/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node..md index 7f8f9b2..53f9d76 100644 --- a/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node..md +++ b/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node..md @@ -20,7 +20,7 @@ Remark: There is also non-debian installer available: https://github.com/hesiod- 2. [System scan](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#2-system-scan) -3. ([TBD: Firewall](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#3-firewall) +3. [Firewall](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#3-firewall) 4. [SSH Keys](http://8bb19w1gugu7yq3cyck63gbo18udodab1b6zr1uykdphm37ushco.loki/whoami/Oxen-Service-Node-VPS-Hardening/wiki/This-guide-should-help-new-users-to-secure-%22harden%22-their-Oxen-Service-Node.#4-ssh-keys) 
@@ -164,10 +164,6 @@ All results have been written to the log file: /var/log/rkhunter.log # 3. Firewall -***Note, Aug. 11th : There are some UFW test for the deb. SN installer on-going therefore it is recommended to keep UFW disable as -long as test are not finished.*** - - By default, Ubuntu comes with the [Uncomplicated FireWall](https://en.wikipedia.org/wiki/Uncomplicated_Firewall) (UFW). It’s default setting is inactive. Before you activate UFW **you have to ensure that ssh connection is allowed**. Allow ssh connection to your VPS : @@ -182,13 +178,17 @@ sudo ufw enable UFW will show you a ssh-warning which you can now accept by typing a ‘yes’ and hit Enter to continue. -You should close all ports and explicitly open all ports which Loki service nodes requires to operate with the Loki network. Luckily, the latest deb package is doing the job for you. So, hereafter just a list of Loki SN port: +You should close all ports and explicitly open all ports which oxen service nodes requires to operate with the Loki network. Luckily, the latest deb package is doing the job for you. So, hereafter just a list of oxen service node ports: + +To ensure that all required ports are open you can command the following: ``` -ports 22022,22025,38156,38159/tcp for the loki-daemon -ports 22020,22021,38154,38155/tcp for the loki-storage-server -port 1090/udp for the lokinet-router -(port 22023 tcp for lokid RPC this is not required for Loki service nodes) +sudo ufw allow 1090/udp +sudo ufw allow 22020/tcp +sudo ufw allow 22021/tcp +sudo ufw allow 22022/tcp +sudo ufw allow 22023/tcp +sudo ufw allow 22025/tcp ``` Remark: As long as you are using the standard ports. This port rules are defined in `/etc/ufw/applications.d` (for the deb package only).
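Review bot: Removing the Aug. 11th note in the `@@ -164,10 +164,6 @@` hunk drops the advice to keep UFW disabled while the deb installer tests were on-going, but neither the commit message nor the remaining text says those tests have finished. Please confirm they have, and say so in the section, so readers who followed the earlier advice know that enabling UFW is now expected. While touching this paragraph, the unchanged context line "It’s default setting is inactive" should read "Its default setting is inactive".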
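Review bot: The new command list in the `@@ -182,13 +178,17 @@` hunk opens 22023/tcp, which the removed text described as "port 22023 tcp for lokid RPC this is not required for Loki service nodes". Unless that requirement has changed, drop `sudo ufw allow 22023/tcp` so the RPC port is not exposed by a hardening guide, or state in the text why it is now needed. The replacement also loses the mapping of ports to services (daemon, storage server, lokinet router) and no longer mentions 38154, 38155, 38156 and 38159; a short per-service list and a sentence on why those ports went away would keep the section auditable. Smaller points in the same hunk: the sentence ending "just a list of oxen service node ports:" now runs straight into "To ensure that all required ports are open you can command the following:" with no list in between, the paragraph still says "Loki network" next to the renamed "oxen service nodes", and since the remark says the deb package defines these rules in `/etc/ufw/applications.d`, the text should say when the manual `ufw allow` commands are actually needed.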