description |
---|
Quick steps to secure your node |
This guide shows you how to take additional steps to secure your server. Each security item is enumerated below.
{% hint style="info" %} Please note that any ports listed in the guide are not specific to the Hop Node. {% endhint %}
- Create a non-root user with sudo privileges
- Disable SSH password Authentication and Use SSH Keys only
- Update your system
- Set up Two Factor Authentication for SSH [Optional]
- Secure Shared Memory
- Install Fail2ban [Optional]
- Configure your Firewall
- Verify Listening Ports
- Use system user accounts - Principle of Least Privilege [Advanced Users / Optional]
The following are best practices when running a node.
Type | Best Practice |
---|---|
Networking | Assign static internal IPs to both your validator node and daily laptop/PC. This is useful in conjunction with ufw and Fail2ban's whitelisting feature. Typically, this can be configured in your router's settings. Consult your router's manual for instructions. |
Power Outage | In case of a power outage, you want your validator machine to restart as soon as power is available. In the BIOS settings, change the Restore on AC / Power Loss or After Power Loss setting to always on. Better yet, install an Uninterruptible Power Supply (UPS). |
Clear the bash history | When pressing the up-arrow key, you can see prior commands which may contain sensitive data. To clear this, run the following:
|