
nerdegutta.no

Secure the Linux server

26.12.23

Miscellaneous

Do this with your newly installed Linux server.

Make sure the server is up to date:

apt update

apt dist-upgrade

 

1. Enable automatic updates

sudo apt install unattended-upgrades

dpkg-reconfigure --priority=low unattended-upgrades

 

2. Limit user accounts

Make a user account and give it root privileges.

adduser <username>

usermod -aG sudo <username>

 

(3. Add RSA-Keys)

4. Edit hosts.allow & hosts.deny

To deny all SSH connections to the server, edit /etc/hosts.deny to match this:

sshd,sshdfwd-X11:ALL

To allow one computer to access the server, edit /etc/hosts.allow to match this:

sshd,sshdfwd-X11: xxx.xxx.xxx.xxx (The IP address of the computer that should have access.)

 

5. Lockdown SSH

sudo nano /etc/ssh/sshd_config

Change port from 22 to another. 717?

Change AddressFamily to inet

Change PermitRootLogin to no

sudo systemctl restart sshd
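
An added example, not from the original post: a small POSIX shell check that reports whether a given sshd_config has the three changes from step 5 applied. The function names and the two sample files are constructed for illustration; Include files and Match blocks are not followed.

```sh
#!/bin/sh
# Added example: audit an sshd_config for the three changes in step 5.
# Assumption: Include files and Match blocks are not followed.

# Print every active value of keyword $2 in file $1 (case-insensitive).
# Commented lines never match because their first field starts with '#'.
sshd_values() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print tolower($2) }' "$1"
}

# Print one line per check; the return status is the number of failed checks.
audit_sshd_config() {
    file=$1
    failed=0
    # Port may be listed several times and sshd listens on all of them;
    # with no Port line at all it listens on the default, 22.
    ports=$(sshd_values "$file" Port)
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "FAIL Port: still listening on 22"; failed=$((failed + 1))
    else
        echo "ok   Port: $(echo $ports)"
    fi
    # For these two keywords sshd keeps the first value it reads.
    family=$(sshd_values "$file" AddressFamily | head -n 1)
    if [ "$family" = inet ]; then echo "ok   AddressFamily: inet"
    else echo "FAIL AddressFamily: ${family:-unset (default any)}"; failed=$((failed + 1)); fi
    root=$(sshd_values "$file" PermitRootLogin | head -n 1)
    if [ "$root" = no ]; then echo "ok   PermitRootLogin: no"
    else echo "FAIL PermitRootLogin: ${root:-unset}"; failed=$((failed + 1)); fi
    return "$failed"
}

# Constructed sample files (not taken from a real server).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
weak=$tmp/weak hardened=$tmp/hardened
printf '%s\n' '#Port 22' '#AddressFamily any' 'PermitRootLogin yes' > "$weak"
printf '%s\n' 'Port 717' 'AddressFamily inet' 'PermitRootLogin no' > "$hardened"

for f in "$weak" "$hardened"; do
    echo "== $f"
    audit_sshd_config "$f" || echo "=> $? setting(s) still to change"
done
```

On the server, point audit_sshd_config at /etc/ssh/sshd_config, and run sudo sshd -t to catch syntax errors before restarting sshd.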

 

6. FireWall

Install ufw (Uncomplicated FireWall)

sudo apt install ufw

To see help text

sudo ufw --help

Edit /etc/ufw/before.rules


Add this line above the existing echo-request ACCEPT rule so that it matches first. It makes the server ignore ping (ICMP echo) requests:

-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

 

Check ufw status

sudo ufw status

Allow the ports you need (including the SSH port, so you are not locked out)

sudo ufw allow xxx (portnumber)

Enable the firewall

sudo ufw enable