Advice On Securing Internal Linux Server w/ A Minecraft Server On It
Posted by snowmenjones@reddit | linuxadmin | 9 comments
Hey all,
I have an Ubuntu headless server that I keep inside my home. I mostly use it to run a Minecraft server for my friends and that runs in a separate user in a screen (also my ./start.sh file doesn't require root privilege to run). My regular admin user hosts Samba so I can move files between devices easier and stores random things (password protected). I also use it when I find interesting and short code problems. I connect to the server from SSH using SSH keys and a password.
So my question is how secure is the server from the internet? I know having my 25565 port open is a vulnerability, however, any advice to lock it down, or what risks the server is facing, would be appreciated.
jakedata@reddit
Consider setting up a free Tailscale account. Then you can set an ACL to only allow your friends access to port 25565 and traffic will be encrypted with the WireGuard protocol.
stormcloud-9@reddit
Run it from a VM or from a container.
ConTron44@reddit
+1, I ran the PaperMC Docker image and it has some glorious performance in addition to being easy to manage. With the server itself you can set allow-lists for select IPs.
I'm not certain, but there'd probably be a firewall setting or otherwise that also only allows select IPs at that specific port.
throwawayagin@reddit
This is the way! Especially if you autopause the server. Whitelisting IPs will keep it from being woken up from knocks/scans.
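The per-port allow-list raised in the comments above, as an added example that is not from any commenter: a POSIX shell script that validates a list of source addresses and prints the matching ufw commands for TCP port 25565. The addresses are constructed documentation ranges, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print (not run) ufw commands limiting the Minecraft port to an allow-list.
# Addresses used here are constructed documentation ranges (RFC 5737).
MC_PORT=25565

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix,
# so nothing else can end up inside a firewall command line.
valid_ipv4() {
    addr=${1%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*) return 1 ;; esac
             [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets on "."
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# One allow rule per valid source, then a deny for every other source.
# ufw evaluates rules in the order they were added, so allows come first.
# Returns 1 if any source was rejected; the remaining rules are still printed.
gen_rules() {
    rc=0
    for src in "$@"; do
        if valid_ipv4 "$src"; then
            echo "ufw allow proto tcp from $src to any port $MC_PORT"
        else
            echo "skipping invalid source: $src" >&2
            rc=1
        fi
    done
    echo "ufw deny $MC_PORT/tcp"
    return "$rc"
}

# Review the printed lines, then run them as root.
gen_rules 203.0.113.7 198.51.100.0/24
```

Ports published by Docker are forwarded through Docker's own iptables chains and bypass ufw rules, so for the container setup mentioned in this thread the same allow-list belongs in the DOCKER-USER chain instead.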
stormcloud-9@reddit
You don't have to share an IP between the host and the containers. You can run containers on their own IP using a network bridge.
Gendalph@reddit
This is the way.
StatementOwn4896@reddit
Install PAM and fail2ban.
knobbysideup@reddit
Install lynis. See what
lynis audit system
has to say.
Auniqueusername234@reddit
You can always make things difficult by stigging it. https://www.stigviewer.com/stig/canonical_ubuntu_20.04_lts/