[KnowledgeBase] How to secure an Ubuntu Server Installation

This cannot be a complete guide, but it is a start. At the very least, these are things you should do every time you set up a new server. Another good guide, which also explains how to set up certificate-based authentication, can be found here.

1. Disallow Root Login via SSH

  • Create a new user and add them to the sudo group

    adduser friendlyuser
    usermod -aG sudo friendlyuser
    
  • Disallow root login via SSH: open /etc/ssh/sshd_config and uncomment or add this line:

    PermitRootLogin no
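
A way to check the result of this step, as an added example that is not part of the original article: sshd uses the first value it finds for a keyword and treats everything after a `Match` line as conditional, so an added `PermitRootLogin no` can end up having no effect. The function name and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: print the PermitRootLogin value that applies globally
# in an sshd_config read from stdin.
# sshd uses the FIRST occurrence of a keyword, ignores commented lines, and
# treats everything after a "Match" line as conditional.
effective_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }              # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)  # accept the "Keyword=value" form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])
        }
        key == "match" { exit }              # global section ends here
        key == "permitrootlogin" {
            gsub(/"/, "", f[2])
            print tolower(f[2]); found = 1; exit
        }
        END { if (!found) print "unset" }    # compiled-in default applies
    '
}

# Constructed sample: an early "yes" overrides the "no" appended at the end.
sample_shadowed() {
    printf '%s\n' '#PermitRootLogin no' 'Port 22' \
        'PermitRootLogin yes' 'PermitRootLogin no'
}

# Constructed sample: the line sits inside a Match block, so it is not global.
sample_in_match() {
    printf '%s\n' 'Port 22' 'Match User backup' '    PermitRootLogin no'
}

sample_shadowed | effective_root_login
sample_in_match | effective_root_login
```

On a live server, `sudo sshd -T | grep -i permitrootlogin` prints the value sshd itself resolved, including any files pulled in through `Include`.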
    

2. Set up UFW

UFW is a firewall. The following commands will:

  • list the available application profiles

  • allow SSH traffic

  • enable the UFW firewall

  • check its status and all active rules

    sudo ufw app list
    sudo ufw allow OpenSSH
    sudo ufw enable
    sudo ufw status

To allow any port you like, just use the allow command like this:

    sudo ufw allow 1234

UFW will then update the rules.

3. Set up Fail2Ban

It is useful to install Fail2Ban because as soon as you have port 22 open, bots will start brute-forcing it. The following is only a very rough getting-started guide. For more information, please visit the vendor's website.

  • Install Fail2Ban

    sudo apt-get install fail2ban 
    
  • Configure it in /etc/fail2ban/fail2ban.local; you can also have a look at /etc/fail2ban/fail2ban.conf for more samples. You could do it like this:

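    [DEFAULT]
    # addresses that are never banned
    ignoreip = 127.0.0.1
    # ban duration in seconds (one hour)
    bantime  = 3600
    # failed attempts allowed before a ban
    maxretry = 5

    [ssh]
    enabled  = true
    port     = ssh
    filter   = sshd
    logpath  = /var/log/auth.log
    maxretry = 5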
    
  • Then restart the service:

    sudo /etc/init.d/fail2ban restart