Fullnode security

Hey folks! I want to break down the basics of Aptos Fullnode security, which should generally be enough for you to be confident your full node is in safety. After you set your Fullnode you should think about safeguarding it to make Aptos network more stable and secure.

0#Important preface:

*you need to follow general security rules, such as setting different complex passwords for each resource (your server provider, working session, mail and so on)

*Make sure to take care of 2FA as it is a strong defense against hacking in addition to the password.

Most of all hacks and thefts happen not because of the skill of attackers, but because you initially make weak passwords, forget about 2FA, use the same password everywhere. Please take this point seriously.

1#Create user

sudo adduser molot

#create complex password

#giving permissions to new user

sudo usermod -aG sudo molot

#To check whether new user is in a sudo group or not do the command

sudo -l -U molot

#join as new user

su molot

2#add the public key on server

mkdir ~/.ssh

chmod 0700 ~/.ssh

touch ~/.ssh/authorized_keys

chmod 0644 ~/.ssh/authorized_keys

cat > .ssh/authorized_keys

ssh-<your_public_sshkey>

Ctrl+D

Now you will need the private key you created to work with your Fullnode in the future

3#Close login and password access

sudo nano /etc/ssh/sshd_config

Setting values:

PermitRootLogin no

PasswordAuthentication no

sudo systemctl restart sshd

4#Turn auto updates off

nano /etc/apt/apt.conf.d/20auto-upgrades

Set all on 0.

5#Firewall settings (ufw)

For the validator fullnode:

sudo ufw allow 22

sudo ufw allow 6181/tcp

sudo ufw allow 6182/tcp

sudo ufw deny 9101

sudo ufw deny 80

sudo ufw deny 8080

For the validator:

sudo ufw allow 22

sudo ufw allow 6180/tcp

sudo ufw allow 6181/tcp

sudo ufw deny 6182

sudo ufw deny 9101

sudo ufw deny 80

sudo ufw deny 8080

For a public fullnode:

sudo ufw allow 22

sudo ufw allow 6182/tcp

sudo ufw deny 9101

sudo ufw deny 80

sudo ufw deny 8080

#enable firewall

sudo ufw enable

6#To monitor the healthiness of your Fullnode and react instantly I recommend setting monitoring tools and care about alerts integration.

Hope someone will find this useful, thanks for reading and have a good day!

26 Likes

Thank you so much for these valuable tips.
You provided useful and crucial information for maintaining security. We appreciate it :heart:

9 Likes

Aptos always doing things differently :fire::fire::fire:

9 Likes

Aptos, doing great things perusual…:boom::boom::boom:

7 Likes

Always building

6 Likes

does anyone know where the word “sudo” came from in programming? quick quiz :slight_smile:

7 Likes

tech is too based and I respect you for sharing sir

6 Likes

thanks for this. really looking forward to deploying my first contract and every bit of sharing here is helpful!

5 Likes

good post bro

5 Likes

Security is everything!

4 Likes

thank you for sharing buddy!

5 Likes

thanks for this!

3 Likes

this is too technical for me but I will remember it for later :slight_smile:

5 Likes

what a valueble infor thanks

1 Like