How to harden your ubuntu server

We all know the security of the Ubuntu server is very important because all of our services are running on it. If we do not make it stubborn to hack then our server will become very easier for hackers can attack. Finally, we will lose all services. That’s terrible!
Today, I will give you a list of things for hardening the Ubuntu server.

1. Update your system

$ sudo apt-get update -y
$ sudo apt-get upgrade -y
$ sudo apt-get autoremove
$ sudo apt-get autoclean

If you do not have a non-root user, please create one. Otherwise you can go to step 3

2. Create a non-root user and allow a sudo privileges

$ useradd -m -s /bin/bash myserver         # Create a new user called myserver
$ passwd myserver                          # Set the password
$ usermod -aG sudo myserver                # Add myserver to sudo group

3. Disable root account

$ sudo passwd -l root

Note: If you want to re-enable it, just do the command below

$ sudo passwd -u root

4. Use SSH keys instead of using ssh password

Create a new ssh key pair on your local machine:


Copy the public ssh key to your server:

$ ssh-copy-id -i /home/techsavvy/.ssh/id_rsa.pub myserver@ipaddress

Login to your server and open the file /etc/ssh/sshd_config then change these default values to recommend value:

  • Port <port number that you like>
  • PermitEmptyPasswords no
  • PermitRootLogin no
  • PasswordAuthentication no
  • ClientAliveInterval 300
  • LogLevel VERBOSE

Save your change. Then open the file /etc/pam.d/shd then comment 2 lines:

  • session optional pam_motd.so motd=/run/motd.dynamic noupdate
  • session optional pam_motd.so

After that restart ssh service:

$ sudo service sshd reload

Logout of your server and login again. For now you do not need to type your password:

# ssh myserver@ipaddress -p <your port you just set above>

5. Secure Shared Memory

Open the file /etc/fstab and add the following line to the bottom of this file:

tmpfs	/run/shm	tmpfs	ro,noexec,nosuid	0 0

Reboot your sever!

Please refer this link, you will find much more good information for hardening Ubuntu server.

Thank you and hope your server security!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s