We all know that the security of an Ubuntu server is very important, because all of our services run on it. If we do not make it hard to break into, it becomes an easy target for attackers, and in the end we lose all of our services. That's terrible!
Today, I will give you a list of things for hardening the Ubuntu server.
1. Update your system
$ sudo apt-get update -y
$ sudo apt-get upgrade -y
$ sudo apt-get autoremove
$ sudo apt-get autoclean
If you do not have a non-root user, please create one. Otherwise you can go to step 3.
2. Create a non-root user and grant it sudo privileges
$ useradd -m -s /bin/bash myserver # Create a new user called myserver
$ passwd myserver # Set the password
$ usermod -aG sudo myserver # Add myserver to the sudo group
3. Disable root account
$ sudo passwd -l root
Note: If you want to re-enable it, run the command below:
$ sudo passwd -u root
4. Use SSH keys instead of SSH passwords
Create a new SSH key pair on your local machine:
Copy the public SSH key to your server:
$ ssh-copy-id -i /home/techsavvy/.ssh/id_rsa.pub myserver@ipaddress
Log in to your server and open the file /etc/ssh/sshd_config, then change these settings from their defaults to the recommended values:
- Port <port number that you like>
- PermitEmptyPasswords no
- PermitRootLogin no
- PasswordAuthentication no
- ClientAliveInterval 300
- LogLevel VERBOSE
Save your changes. Then open the file /etc/pam.d/sshd and comment out these two lines:
- session optional pam_motd.so motd=/run/motd.dynamic noupdate
- session optional pam_motd.so
After that, reload the SSH service:
$ sudo service sshd reload
Log out of your server and log in again. From now on you will not need to type your password:
$ ssh myserver@ipaddress -p <the port you set above>
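Before logging out, it is worth checking that the edited file really carries the values listed in step 4. The script below is an added example, not part of the original post: the function names effective_value and audit_sshd_config are hypothetical, and the sample configuration is constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit an sshd_config file
# against the values recommended in step 4. Function names are hypothetical.

# effective_value FILE KEYWORD -> first global value for KEYWORD, lowercased.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively; settings inside a Match block are conditional, so
# scanning stops at the first Match line.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/              { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE -> one line per deviation; exit status = number found.
audit_sshd_config() {
    local file="$1" findings=0 key want got
    while read -r key want; do
        got="$(effective_value "$file" "$key")"
        if [ "$got" != "$want" ]; then
            echo "CHECK $key: want '$want', effective '${got:-<not set globally>}'"
            findings=$((findings + 1))
        fi
    done <<'EOF'
PermitEmptyPasswords no
PermitRootLogin no
PasswordAuthentication no
ClientAliveInterval 300
LogLevel verbose
EOF
    return "$findings"
}

# Constructed sample: an early "yes" that a later "no" does not override.
demo="$(mktemp)"
printf '%s\n' 'Port 2222' 'PasswordAuthentication yes' 'PermitRootLogin no' \
    'PermitEmptyPasswords no' 'ClientAliveInterval 300' 'LogLevel VERBOSE' \
    '# appended later by the admin:' 'PasswordAuthentication no' > "$demo"
audit_sshd_config "$demo" || echo "$? finding(s) in sample"
rm -f "$demo"
```

The function reads a single file and does not follow Include lines such as /etc/ssh/sshd_config.d/*.conf. On the server itself, sudo sshd -t checks the syntax and sudo sshd -T prints the effective configuration.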
5. Secure Shared Memory
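Open the file /etc/fstab and add the following line to the bottom of the file. It mounts shared memory read-only (ro), with execution of binaries (noexec) and setuid bits (nosuid) disabled: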
tmpfs /run/shm tmpfs ro,noexec,nosuid 0 0
Reboot your server!
Please refer to this link, where you will find much more good information on hardening an Ubuntu server.
Thank you, and I hope your server stays secure!