# Fullnode security

After you set up your Fullnode, you should safeguard it to keep the Aptos network stable and secure.

## *Important preface:*

\**You need to follow general security rules, such as setting a different complex password for each resource (your server provider, working session, mail and so on).*

\**Make sure to set up 2FA, as it is a strong defense against hacking in addition to the password.*

*Most hacks and thefts happen not because of the attackers' skill, but because you set weak passwords, forget about 2FA, or use the same password everywhere. Please take this point seriously.*

## Create user

```bash
sudo adduser molot  # set a complex password when prompted
```

### Give the new user sudo permissions:

```bash
sudo usermod -aG sudo molot
```

### Check whether the new user is in the sudo group

```bash
sudo -l -U molot
```

### Switch to the new user

```bash
su molot
```

## Add the public key on server

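```bash
# create the key directory in the new user's home, readable only by that user
mkdir -p ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys
# paste your public key, press Enter, then press Ctrl+D to finish
cat > ~/.ssh/authorized_keys
ssh-<your_public_sshkey>
```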

{% hint style="info" %}
From now on you will need the private key you created to work with your Fullnode.
{% endhint %}

## Disable root login and password access

```bash
sudo nano /etc/ssh/sshd_config
```

Set the following values:

```bash
# in /etc/ssh/sshd_config:
PermitRootLogin no
PasswordAuthentication no
# then restart the service:
sudo systemctl restart sshd
```
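
A way to confirm that the key setup and the `sshd_config` change above took effect, as an added example that is not part of the original guide: sshd keeps the first value it reads for each keyword, so an included drop-in file can override the edit, and `sshd -T` prints the configuration actually in force. The function names and the sample text are assumptions made for illustration, and `stat -c` assumes GNU coreutils.

```bash
#!/bin/sh
# Added example (not from the original guide): verify the SSH hardening above.
# Function names and the sample text are assumptions made for illustration.

# Reads `sshd -T` output (effective config, lowercase "keyword value" lines)
# on stdin. Returns 0 only if root login and password login are both "no".
check_sshd_effective() {
  awk '
    $1 == "permitrootlogin"        { root = $2 }
    $1 == "passwordauthentication" { pw = $2 }
    END {
      bad = 0
      if (root != "no") { print "FAIL permitrootlogin=" root; bad = 1 }
      if (pw != "no")   { print "FAIL passwordauthentication=" pw; bad = 1 }
      if (!bad) print "OK sshd: key-only login, no root login"
      exit bad
    }'
}

# Checks an .ssh directory: it and authorized_keys must exist and must not be
# writable by group or others (sshd's StrictModes rejects the keys otherwise).
check_key_perms() {
  ckp_rc=0
  for ckp_path in "$1" "$1/authorized_keys"; do
    # GNU stat: %a prints the octal mode, e.g. 700 or 644
    ckp_mode=$(stat -c %a "$ckp_path" 2>/dev/null) || { echo "FAIL missing $ckp_path"; return 1; }
    if [ $(( 0$ckp_mode & 022 )) -ne 0 ]; then
      echo "FAIL $ckp_path mode $ckp_mode is group/other writable"
      ckp_rc=1
    fi
  done
  if [ "$ckp_rc" -eq 0 ]; then echo "OK key file permissions"; fi
  return "$ckp_rc"
}

# Constructed sample of `sshd -T` output where password login is still enabled.
SAMPLE_SSHD_T='port 22
permitrootlogin no
passwordauthentication yes'

# Usage on the server, as the new user:
#   sudo sshd -T | check_sshd_effective && check_key_perms "$HOME/.ssh"
```

Run the check from a second terminal while the current SSH session stays open, so a failed result can still be corrected.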

## Turn auto updates off

```bash
sudo nano /etc/apt/apt.conf.d/20auto-upgrades
```

Set all values to `0`. Security updates are then no longer installed automatically, so apply them manually.

## Firewall settings (ufw)

For the validator fullnode:

```bash
sudo ufw allow 22
sudo ufw allow 6181/tcp
sudo ufw allow 6182/tcp
sudo ufw deny 9101
sudo ufw deny 80
sudo ufw deny 8080
```

For the validator:

```bash
sudo ufw allow 22
sudo ufw allow 6180/tcp
sudo ufw allow 6181/tcp
sudo ufw deny 6182
sudo ufw deny 9101
sudo ufw deny 80
sudo ufw deny 8080
```

For a public fullnode:

```bash
sudo ufw allow 22
sudo ufw allow 6182/tcp
sudo ufw deny 9101
sudo ufw deny 80
sudo ufw deny 8080
```

### Enable the firewall

```bash
sudo ufw enable
```

## To monitor the health of your Fullnode and react quickly, I recommend [setting up monitoring tools](/cryptomolot-docs/mainnets/aptos/tools-to-monitore-your-validator.md) and [alerts integration](/cryptomolot-docs/mainnets/aptos/tools-to-monitore-your-validator/alerts-for-your-validator-via-telegram-public.md).

Hope someone will find this useful, thanks for reading and have a good day!


