Encrypted swapfile

Sometimes, it’s worth to encrypt swap space, especially if you process some privacy-sensitive data.

# install cryptsetup
sudo apt-get install cryptsetup
 
# generate swap
sudo truncate -s 1GB /cryptswap
sudo mkswap /cryptswap
 
# add to /etc/crypttab
cryptswap /cryptswap /dev/urandom swap
 
# add to /etc/fstab
/dev/mapper/cryptswap none swap sw 0 0
 
# activate encryption and swap
sudo /etc/init.d/cryptdisks reload && sudo swapon -a

Inspired by AskUbuntu.

EC2 instance safety instructions

  1. Add non-default user and add it to sudo group
    sudo adduser USERNAME
    sudo usermod -a -G sudo USERNAME
    # switch user
    su USERNAME
    
  2. Edit /etc/ssh/sshd_config
    # change port to non-default port ie 3434 
    # & add this port to your instance Security Groups > Inbound
    Port 3434
    
    # enable password authentication
    PasswordAuthentication yes
    
    # restart ssh
    sudo service ssh restart 
    
    ###
    # make sure you can login with 
    # your new username before continuing
    ###
    
    # disable root login without password by commenting: 
    #PermitRootLogin without-password
    
    # restart ssh
    sudo service ssh restart 
    
  3. Secure MySQL isntallation
    sudo mysql_secure_installation
  4. Reboot
    sudo reboot