Brandon Travis

Linux Servers and Security

Last updated on: Tuesday, December 28, 2021

When you first get a Linux VM, there are several easy steps you can take to secure your server against the majority of threats out there. While these are good tips, you always need to take into account what you are running on the server now, or will run in the future, as those services could open up new attack vectors that bypass these security measures.

Update your server

When you first get any server, the first thing you should always do is update it to the latest version. Depending on the Linux distribution you are running, this can be a very simple one-line terminal command.

For Ubuntu and Debian:

$ sudo apt update && sudo apt upgrade -y

For Fedora, CentOS, and RHEL:

$ sudo dnf upgrade

Disable Remote Root Login

To disable root login, we have to edit a configuration file. These steps use Ubuntu; if you are using a different Linux OS, Google should be able to assist you.

The file we need to edit is sshd_config. Change vi to whichever editor you prefer; I personally like VIM a lot.

$ sudo vi /etc/ssh/sshd_config

Once the file is open in your editor, find PermitRootLogin and change it to no.

PermitRootLogin no

After we make this change, we need to restart the ssh service.

$ sudo service ssh restart
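
The PermitRootLogin edit above only takes effect if the line is uncommented and is the first occurrence outside a Match block, because sshd keeps the first value it reads for a keyword. The script below is an added example, not part of the original post, that reports the value a config file sets globally; the function names and sample configs are constructed, and it does not follow Include directives.

```shell
#!/bin/sh
# Added example: which PermitRootLogin value does the global section set?

# effective_root_login FILE
# Prints the first uncommented PermitRootLogin value that appears before any
# Match block (lowercased), or "unset" if the file never sets one globally.
effective_root_login() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
        tolower($1) == "match" { exit }         # conditional blocks start here
        tolower($1) == "permitrootlogin" {      # keywords are case-insensitive
            print tolower($2); found = 1; exit  # sshd keeps the first value
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeeds only when the effective global value is "no".
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample configs (not taken from a real server).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#PermitRootLogin prohibit-password' > "$tmp/commented"
printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$tmp/hardened"
printf '%s\n' 'permitrootlogin yes' 'PermitRootLogin no' > "$tmp/shadowed"
printf '%s\n' 'Match Address 10.0.0.0/8' '  PermitRootLogin no' > "$tmp/matchonly"

for name in commented hardened shadowed matchonly; do
    if root_login_disabled "$tmp/$name"; then verdict=OK; else verdict=CHECK; fi
    printf '%-10s %-6s %s\n' "$name" "$(effective_root_login "$tmp/$name")" "$verdict"
done
```

On the server itself, `sudo sshd -t` validates the file before you restart the service, and `sudo sshd -T` prints the configuration sshd will actually apply.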

Create a non-root user

Creating a non-root user adds an extra security measure to your server. The default Linux login, root, is commonly brute-forced by automated scanners that sweep the internet looking for root accounts with an easy-to-guess password from a dictionary list.

For Ubuntu 18.04, we first need to create a new user

$ sudo adduser <username>

After this, we need to give the account sudo access

$ sudo usermod -a -G sudo <username>

After this, you should always log in to your server using the new user account that you just made.

Enable a firewall

Using a firewall can be a simple or complex implementation depending on the type of firewall you decide to use. For this we will be using UFW, the Uncomplicated Firewall. The default UFW configuration allows all outbound traffic coming from your server but denies all inbound traffic trying to reach it. In short, any application on your server can reach the internet, but nothing outside your server can connect to you, and if we are trying to host something, this is bad.

Let us start off with installing UFW so we can use it.

$ sudo apt install ufw

First things first: we need to make sure we can still connect to our server, and to do this we need to open the ssh port.

$ sudo ufw allow ssh

After this, if we are hosting anything that needs to be reached on port 80, we need to open that up. Assuming you will be using HTTPS at the same time, we will also open that up.

$ sudo ufw allow http
$ sudo ufw allow https

After we do all of this let's finally enable UFW with the command

$ sudo ufw enable

If for whatever reason you need to disable UFW, this can easily be done with

$ sudo ufw disable

Install Fail2Ban

Fail2Ban scans the server logs and bans any IP address that shows malicious intent. This application can help provide another layer of defense in an extremely complicated environment.

We can first install Fail2Ban by using the command

$ sudo apt install fail2ban -y

Then we have to copy the configuration file which can easily be done by

$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Finally, for the last part of this step, all we have to do is restart the service

$ sudo service fail2ban restart

That's all there is to setting up Fail2Ban, and hopefully following these steps can help secure your server. There are more steps you can always take that are not included here, but it will be up to you to find and implement them.

