Sibirocobombus

Documenting the setup for my new machine running Debian.

• Sibirocobombus Setup
• SSL Labs ✅ A+
• Mozilla Observatory

* HTTP Observatory: C+ → B → B+ (I use inline Javascript)

* CryptCheck: A (I think they don’t like ECDHE and CBC?)

* securitheaders.io: A

* HSTS Preload: ✓

Sibirocobombus Setup

SSL Labs

Mozilla Observatory

I should do this for all my domains; currently only alexschroeder.ch applied for the HSTS preload list. Sites on that list must not redirect from their root!

Stop using this:

RedirectMatch permanent ^/$ https://alexschroeder.ch/wiki

Instead, use this:

DirectoryIndex wiki

Checked:

• alexschroeder.ch
• campaignwiki.org
• oddmuse.org

SSH:

• followed the instructions of the SSH Hardening Guides – see ssh for the fingerprints

SSH Hardening Guides

ssh