We use Lynis as an automated security resource for auditing, system hardening and compliance testing:
Lynis is a battle-tested security tool for systems running Linux, macOS, or other Unix-based operating systems. It performs an extensive health scan of your systems to support system hardening and compliance testing. The project is open source software under the GPL license and has been available since 2007.
Lynis performs hundreds of individual tests. Each test will help to determine the security state of the system. Most tests are written in shell script and have a unique identifier.
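Because each finding carries its test's identifier, the machine-readable report Lynis writes can be grouped per test and used as a pass/fail check after an audit. The script below is an added example, not code from this page or from the Lynis project: the report lines are a constructed sample, and the function names and the minimum index are assumptions.

```shell
#!/bin/sh
# Constructed sample in the key=value format of Lynis's report file
# (default /var/log/lynis-report.dat). Findings carry the test's identifier.
sample_report() {
cat <<'EOF'
# Lynis Report
hardening_index=67
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader|-|-|
EOF
}

# Print the hardening index from a report read on stdin.
hardening_index() {
    awk -F= '$1 == "hardening_index" { print $2; exit }'
}

# Print "COUNT TEST-ID" per test for one kind of finding (warning|suggestion).
findings_by_test() {
    awk -F'[=|]' -v key="${1}[]" \
        '$1 == key { n[$2]++ } END { for (id in n) print n[id], id }' | sort -k2,2
}

# Hypothetical gate: fail (1) if the index is below the minimum or any
# warning is present; 2 if the report has no index. The minimum is local policy.
audit_gate() {
    min=$1
    report=$(cat)
    idx=$(printf '%s\n' "$report" | hardening_index)
    warns=$(printf '%s\n' "$report" | awk '/^warning\[\]=/ { c++ } END { print c + 0 }')
    [ -n "$idx" ] || { echo "no hardening_index in report" >&2; return 2; }
    if [ "$idx" -lt "$min" ] || [ "$warns" -gt 0 ]; then
        echo "FAIL index=$idx warnings=$warns"
        return 1
    fi
    echo "PASS index=$idx warnings=0"
}

# Demo on the sample; on a host: audit_gate 70 < /var/log/lynis-report.dat
sample_report | findings_by_test warning
sample_report | audit_gate 70 || true
```

Grouping by identifier shows when several findings come from one test, as with the two SSH-7408 suggestions in the sample, so they can be handled as a single hardening task.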
We keep the server’s operating system and applications up to date with the latest security patches.
Configuring the firewall to allow only necessary ports and protocols and blocking all others.
Restricting access to the server to authorized personnel only, using methods such as SSH keys or two-factor authentication; on some services we also use IP-restricted access.
Prometheus and Grafana
Monitoring the servers and nodes for unusual activity with Prometheus and Grafana monitoring and alerting systems.
Backup servers/redundant services are running so we can recover nodes in the event of a hardware failure.