I’m seeing some warnings in the Cockpit server manager that it’d be really nice to get rid of. No, I don’t want to change my SSH port:
No, I don’t need to configure a backup:
No, I don’t need to restrict access to the server manager:
…and I could have sworn I’d seen the password policy in there as well, but I don’t see it right now.
All of these (well, with the possible exception of SSH) raise valid points, but I know. I’ve seen them. I have my own reasons for not doing them. And it’d be really nice to make these go away, so when I see the warning indication again I’ll know there’s an actual issue to be concerned with.
That does it. Not at all what I would have expected for “hints”; I’d call them “warnings” instead. But it’d be much nicer to be able to dismiss them individually.
GDPR says “default is bad”: you should always harden the security configuration of your device if possible, and being warned by the software is a way to consider it a bit more compliant.
Under System in Cockpit, my test installation gives me these hints:
Change default company
Create at least one data backup
Change SSH port
Specify ip addresses allowed to access to CockPit
None of these settings are an issue for the installation to work correctly (so “warning” may not be the right thing to call them); most of them are related to defending data and setup:
creating a backup task could help to prevent data loss, and “frees” the project from being claimed non-compliant because the user was not reminded
changing the SSH port will lower the opportunities for the installation to be harassed by scripts
restricting IP access to the New Server Manager will reduce the footprint for access to the administrative interface
Last but not least: Fail2Ban, with a not-too-strict setup, should be installed as a default package, IMVHO, because it helps prevent brute-force attacks on logins.