Hardening Linux Server Infrastructures
Setting up an Ubuntu server requires implementing robust access controls. Running a server under the default root credentials exposes it to major security risks. Always create dedicated admin users and enforce key-based SSH authentication to block unauthorized access.
Setting up Fail2Ban Brute Force Shielding
Fail2Ban is a daemon that scans log files for malicious traffic. If an IP address fails to authenticate multiple times, Fail2Ban updates your iptables firewall rules to block the source. Install it using apt:
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Step-by-Step Instructions
Connect via SSH and Update Repositories
Connect to your server: "ssh root@server_ip". Run update commands to fetch the latest security patches: "sudo apt update && sudo apt upgrade -y".
Create a Non-Root Admin User
Create a secure user with admin privileges: "adduser username" followed by "usermod -aG sudo username".
Configure SSH Port and Disable Root login
Edit config file: "sudo nano /etc/ssh/sshd_config". Change the SSH port from 22 to a custom value, set "PermitRootLogin no", and restart sshd.
Configure UFW Firewall Settings
Allow your custom SSH port: "sudo ufw allow custom_port/tcp", allow HTTP/HTTPS ports, and enable the firewall: "sudo ufw enable".
Install Nginx Web Server Core
Deploy Nginx: "sudo apt install nginx -y". Confirm the service is active and running: "sudo systemctl status nginx".
Leave a Reply
Your email address will not be published. Required fields are marked *