- No root password on a server. Privileges of operators are
elevated with sudo.
- Locally installed software should not need root
privileges in order to be installed.
- Only private/public key access to the server
- Of course, private keys for humans have a passphrase.
- Of course, public keys for services are locked down to the minimal
required functionality, see only.
- SSH login only for specific user/group combinations.
- Privilege separation wherever possible: all services run with
different users/groups.
- Wherever possible use runit and svlogd for running a service
and logging its diagnostics.
- Use socklog instead of syslog.
- Avoid software which needs root privileges, or which does not drop them
after acquiring the needed resources (e.g. binding IP ports below 1024).
- Always keep the system time in sync.
- Have working name resolution.
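An added example (not from the original page) that audits an sshd_config file against the key-only, no-root-login and restricted-user/group rules in the list above. The sshd_config keywords are the real ones; the two sample configs are constructed for the demo.

```sh
#!/bin/sh
# Added example: check an sshd_config against the hardening rules listed above.
# The keywords are genuine sshd_config options; the sample files are constructed.

# Print the effective value of a keyword (first match wins, as in sshd; keywords
# are case-insensitive, and commented-out lines do not match).
sshd_opt() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Report each failed rule on stdout; the return value is the number of failures.
check_sshd_config() {
    cfg="$1"; fails=0
    [ "$(sshd_opt "$cfg" PermitRootLogin)" = "no" ] \
        || { echo "PermitRootLogin should be no"; fails=$((fails+1)); }
    [ "$(sshd_opt "$cfg" PasswordAuthentication)" = "no" ] \
        || { echo "PasswordAuthentication should be no (keys only)"; fails=$((fails+1)); }
    # PubkeyAuthentication defaults to yes, so only an explicit "no" is a failure.
    [ "$(sshd_opt "$cfg" PubkeyAuthentication)" != "no" ] \
        || { echo "PubkeyAuthentication must not be disabled"; fails=$((fails+1)); }
    # Login must be limited to specific users or groups.
    [ -n "$(sshd_opt "$cfg" AllowUsers)$(sshd_opt "$cfg" AllowGroups)" ] \
        || { echo "No AllowUsers/AllowGroups restriction"; fails=$((fails+1)); }
    return "$fails"
}

# Constructed sample configs, written to a temporary directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.conf" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$demo_dir/hardened.conf" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowGroups sshusers ops
EOF

# Demo run: weak.conf fails three rules, hardened.conf passes.
check_sshd_config "$demo_dir/weak.conf" || echo "weak.conf: $? rule(s) failed"
check_sshd_config "$demo_dir/hardened.conf" && echo "hardened.conf: ok"
```

Run it against the real file with `check_sshd_config /etc/ssh/sshd_config`; note that it reads the file literally and does not evaluate `Match` blocks or defaults the way `sshd -T` does.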