Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.
Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.
Rolled back to the backup before I made it public and now I have a security checklist.
It should be a red flag if the root account has a password at all. Shouldn’t be able to access it without sudo (or in extreme cases, after a single-user boot).
Also, I thought SSH root login was disabled by default. Has been in all Debian and RedHat variants I’ve ever used…
If you install Debian yourself, it asks you to set a root password. If you don’t provide one, it disables root and enables sudo.
Of course, if you’re running Debian provided by a cloud provider, it’s however they set it up for you.