Hi Team,
Does anyone have any hardening documentation of vyos router? I searched a lot but didnt find anything. If not then probably I can write one and share with community?
TIA
Blason R
I have been doing this for my personal use but other things got in the way so I havent published anything (yet).
I think its a great idea!
Preferly have sections so one can cherrypick which parts one want to “harden”.
And as always with hardening sometimes it boils down to taste and the unique situation one want to “harden” against.
Here are some examples regarding HPE Comware and Aruba OS:
https://support.hpe.com/hpesc/public/docDisplay?docId=a00120206en_us&docLocale=en_US
1 Like
Nothing exists as a one stop guide. Here are some resources to get you going though:
Quick start see hardening at very bottom:
https://docs.vyos.io/en/sagitta/quick-start.html
Firewall global options:
https://docs.vyos.io/en/sagitta/configuration/firewall/global-options.html
SSH Dynamic Protection:
https://docs.vyos.io/en/sagitta/configuration/service/ssh.html
Sysctl config:
https://docs.vyos.io/en/sagitta/configuration/system/sysctl.html
Misc:
You could also look at SCAP for Debian or STIG for adjacent Linux distributions for advice but don’t blindly follow that advice without first assessing if that mitigation is relevant for VyOS (or won’t break behavior).
Right and yeah thats a good material though