Hey folks! I want to break down the basics of Aptos Fullnode security, which should generally be enough for you to be confident your full node is in safety. After you set your Fullnode you should think about safeguarding it to make Aptos network more stable and secure.
*you need to follow general security rules, such as setting different complex passwords for each resource (your server provider, working session, mail and so on)
*Make sure to take care of 2FA as it is a strong defense against hacking in addition to the password.
Most of all hacks and thefts happen not because of the skill of attackers, but because you initially make weak passwords, forget about 2FA, use the same password everywhere. Please take this point seriously.
sudo adduser molot
#create complex password
#giving permissions to new user
sudo usermod -aG sudo molot
#To check whether new user is in a sudo group or not do the command
sudo -l -U molot
#join as new user
2#add the public key on server
chmod 0700 ~/.ssh
chmod 0644 ~/.ssh/authorized_keys
cat > .ssh/authorized_keys
Now you will need the private key you created to work with your Fullnode in the future
3#Close login and password access
sudo nano /etc/ssh/sshd_config
sudo systemctl restart sshd
4#Turn auto updates off
Set all on 0.
5#Firewall settings (ufw)
For the validator fullnode:
sudo ufw allow 22 sudo ufw allow 6181/tcp sudo ufw allow 6182/tcp sudo ufw deny 9101 sudo ufw deny 80 sudo ufw deny 8080
For the validator:
sudo ufw allow 22 sudo ufw allow 6180/tcp sudo ufw allow 6181/tcp sudo ufw deny 6182 sudo ufw deny 9101 sudo ufw deny 80 sudo ufw deny 8080
For a public fullnode:
sudo ufw allow 22 sudo ufw allow 6182/tcp sudo ufw deny 9101 sudo ufw deny 80 sudo ufw deny 8080
sudo ufw enable
Hope someone will find this useful, thanks for reading and have a good day!