cryptomolot docs
Fullnode security

Hey folks! I want to break down the basics of Aptos Fullnode security, which should generally be enough for you to be confident your full node is safe.

After you set up your Fullnode, you should think about safeguarding it to make the Aptos network more stable and secure.

Important preface:

*You need to follow general security rules, such as setting a different complex password for each resource (your server provider, working session, mail and so on).

*Make sure to take care of 2FA, as it is a strong defense against hacking in addition to the password.

Most hacks and thefts happen not because of the attackers' skill, but because you set weak passwords to begin with, forget about 2FA, or use the same password everywhere. Please take this point seriously.

Create user

sudo adduser molot # create a complex password

Give permissions to the new user:

sudo usermod -aG sudo molot

To check whether the new user is in the sudo group, run:

sudo -l -U molot

Switch to the new user

su molot

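Add the public key on the server

mkdir -p ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
# owner-only access (0600) is the usual mode for authorized_keys
chmod 0600 ~/.ssh/authorized_keys
# use the full path: after "su molot" the working directory is still the previous user's
cat > ~/.ssh/authorized_keys
# paste your public key on the next line, press Enter, then press Ctrl+D
ssh-<your_public_sshkey>
Ctrl+D

From now on you will need the private key you created to work with your Fullnode.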

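Disable root login and password access

sudo nano /etc/ssh/sshd_config

Set the following values:

PermitRootLogin no
PasswordAuthentication no
# then restart the service (keep this session open until a key-based login from a second terminal succeeds):
sudo systemctl restart sshd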

Turn auto updates off

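sudo nano /etc/apt/apt.conf.d/20auto-upgrades

Set all values to 0. With automatic upgrades off, security patches are no longer installed for you, so apply them manually on a regular schedule.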

Firewall settings (ufw)

For the validator fullnode:

sudo ufw allow 22
sudo ufw allow 6181/tcp
sudo ufw allow 6182/tcp
sudo ufw deny 9101
sudo ufw deny 80
sudo ufw deny 8080

For the validator:

sudo ufw allow 22
sudo ufw allow 6180/tcp
sudo ufw allow 6181/tcp
sudo ufw deny 6182
sudo ufw deny 9101
sudo ufw deny 80
sudo ufw deny 8080

For a public fullnode:

sudo ufw allow 22
sudo ufw allow 6182/tcp
sudo ufw deny 9101
sudo ufw deny 80
sudo ufw deny 8080

Enable the firewall

sudo ufw enable
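
One way to check that the steps above took effect, as an added example that is not part of the original guide: the functions read the output of sshd -T and ufw status on stdin and compare it with the sshd values and ufw rule lists given on this page. The function names and the role labels vfn, validator and pfn are made up for this example, and the sample output is constructed.

```shell
# Live use: sudo sshd -T | audit_sshd ; sudo ufw status | audit_ufw validator
# audit_sshd: stdin = "sshd -T" output (effective settings, keys in lower case).
audit_sshd() {
  awk '
    BEGIN { want["permitrootlogin"] = "no"; want["passwordauthentication"] = "no"
            for (k in want) got[k] = "unset" }
    ($1 in want) { got[$1] = $2 }
    END {
      for (k in want) if (got[k] != want[k]) { print "FAIL sshd " k "=" got[k]; bad = 1 }
      exit bad + 0
    }'
}

# Rule lists copied from this page; the role names are labels made up for the example.
expected_rules() {
  case "$1" in
    vfn)       echo "22:ALLOW 6181/tcp:ALLOW 6182/tcp:ALLOW 9101:DENY 80:DENY 8080:DENY" ;;
    validator) echo "22:ALLOW 6180/tcp:ALLOW 6181/tcp:ALLOW 6182:DENY 9101:DENY 80:DENY 8080:DENY" ;;
    pfn)       echo "22:ALLOW 6182/tcp:ALLOW 9101:DENY 80:DENY 8080:DENY" ;;
    *)         return 2 ;;
  esac
}

# audit_ufw ROLE: stdin = "ufw status" output. Fails when ufw is inactive, a listed
# rule is missing, or an ALLOW rule is not on the list. Only IPv4 rows are compared.
audit_ufw() {
  want=$(expected_rules "$1") || { echo "unknown role: $1"; return 2; }
  awk -v want="$want" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
    /^Status: active/ { active = 1 }
    $2 == "ALLOW" || $2 == "DENY" {
      key = $1 ":" $2
      if (key in need) seen[key] = 1
      else if ($2 == "ALLOW") { print "FAIL unexpected ALLOW " $1; bad = 1 }
    }
    END {
      if (!active) { print "FAIL ufw is not active"; bad = 1 }
      for (k in need) if (!(k in seen)) { print "FAIL missing rule " k; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample (not from a real host): a public fullnode with a stray ALLOW 8080.
sample_ufw() {
  printf '%s\n' 'Status: active' '' 'To      Action  From' '--      ------  ----' \
    '22      ALLOW   Anywhere' '6182/tcp ALLOW  Anywhere' '9101    DENY    Anywhere' \
    '80      DENY    Anywhere' '8080    ALLOW   Anywhere' '22 (v6) ALLOW   Anywhere (v6)'
}
sample_ufw | audit_ufw pfn || echo "ufw audit failed"
```

Because sshd -T prints the effective configuration, the check also catches a drop-in file under /etc/ssh/sshd_config.d/ that overrides the values set in sshd_config.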

Hope someone will find this useful, thanks for reading and have a good day!


Last updated 7 months ago

To monitor the health of your Fullnode and react instantly, I recommend setting monitoring tools and care about alerts integration.