How to Secure Ubuntu Server

Edited 4 days ago by ExtremeHow Editorial Team

SecurityUbuntuServerBest PracticesLinuxConfigurationOperating SystemsAdministrationSystemNetworking

Securing Ubuntu Server is an essential task to protect your data, applications and users from malicious attacks. This guide provides detailed explanation on how to secure your Ubuntu Server covering various aspects including user management, service security, network management, monitoring and more.

1. Regular system updates

The first and most important step to keeping your Ubuntu server secure is to keep it up-to-date. Running system updates ensures that your server has the latest security patches and software updates. Keeping systems and software up-to-date reduces vulnerabilities that attackers can exploit.

<!-- Command to update the server --> sudo apt-get update sudo apt-get upgrade

2. User management

User accounts on your Ubuntu server should be managed carefully. Make sure every administrative task is delegated to a particular user through a non-root account. This helps track changes and secure sensitive operations.

Create a new user

Start by creating a new user account for everyday administrative tasks.

<!-- Command to add a new user --> sudo adduser mynewuser

Grant administrative privileges

If you want this user to have administrative privileges, add them to the sudo group.

<!-- Command to add user to sudo group --> sudo usermod -aG sudo mynewuser

SSH access

To secure the SSH server, avoid direct login with the root user. Edit the SSH configuration to increase security.

<!-- Edit the SSH configuration file --> sudo nano /etc/ssh/sshd_config <!-- Change or set the following directives --> PermitRootLogin no PasswordAuthentication no

3. Secure SSH

SSH (Secure Shell) is a basic service for connecting to your server remotely. Start by changing the default SSH port to reduce the number of bots attacking the SSH port. Choose a port number greater than 1024.

<!-- Change the SSH port in the configuration file --> sudo nano /etc/ssh/sshd_config <!-- Look for #Port 22 and change it to --> Port 2202

After making these changes, restart the SSH service:

<!-- Restart the SSH service for changes to take effect --> sudo systemctl restart ssh

4. Use SSH keys for authentication

SSH keys provide a more secure authentication method than passwords and should therefore be used wherever possible. Default passwords can be easy to guess; SSH keys are much harder to break.

1. Generate SSH keys on your local machine:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

2. Copy the public key to your server:

ssh-copy-id mynewuser@your_server_ip -p 2202

3. Verify that key-based authentication is working:

ssh mynewuser@your_server_ip -p 2202

5. Configure the firewall

A firewall controls the flow of incoming and outgoing network traffic. Ubuntu uses Uncomplicated Firewall (UFW) as the default tool. Use UFW to allow only essential services.

<!-- Enable UFW and allow OpenSSH --> sudo ufw allow OpenSSH sudo ufw enable

6. Intrusion detection and prevention system

Running an intrusion detection system will help you keep track of suspicious activity. Tools like Fail2ban can protect services by banning IPs that show malicious signals.

<!-- Install Fail2ban --> sudo apt-get install fail2ban

Customize monitoring behavior in the configuration file.

<!-- Fail2ban configuration file --> sudo nano /etc/fail2ban/jail.local

7. Secure shared/temporary resources

Ensure that file permissions of critical data and configuration files are secure. The `/tmp` directory should be secured to prevent exploitation.

<!-- Secure /tmp with noexec,nosuid --> sudo vi /etc/fstab <!-- Add or modify line for tmp --> tmpfs /tmp tmpfs defaults,noexec,nosuid 0 0

8. Scan for viruses and malware

Although the threat of malware on Linux is very low, tools like ClamAV can be used to scan and remove malware from your Ubuntu server.

<!-- Install ClamAV and ClamTK --> sudo apt install clamav clamtk

9. Enable two-factor authentication (2FA)

To make your server more secure, enable two-factor authentication using Google Authenticator. Install the package and configure it to require credentials as well as an additional one-time password.

<!-- Install Google Authenticator --> sudo apt-get install libpam-google-authenticator <!-- Set up Google Authenticator for a user --> google-authenticator

10. Monitor logs and setup alerts

Monitor logs and configure alert setups for inconsistencies and unusual activities that may point to potential breaches.

<!-- View logs using journalctl or log files directly --> journalctl -xe less /var/log/auth.log

Setup a tool like Logwatch to summarize daily log reports straight to your email.

<!-- Install logwatch --> sudo apt install logwatch

11. Backup regularly

Data backups are an essential part of maintaining server security. Performing regular backups ensures that you can recover from data losses caused by attacks or hardware failures.

<!-- Using rsync for backup --> rsync -avh /path/to/source /path/to/destination

Consider automating backups using tools like cron jobs to ensure uninterrupted service.

Conclusion

By following these steps, you can significantly increase the security status of your Ubuntu server. Remember that security is an ongoing process that involves regularly updating, monitoring, and maintaining your systems. Implement auditing protocols to ensure continued security, perform regular audits, and stay informed about security news and updates related to Ubuntu and its stack.

  Share This Article

If you find anything wrong with the article content, you can request an update