This tutorial assumes that you already have a freshly installed Ubuntu Server. We recommend using an LTS version of Ubuntu for your servers, such as Ubuntu 16.04 LTS, 14.04 LTS or 12.04 LTS. After installing Ubuntu Server 16.04, 14.04 or 12.04, proceed with the post-installation setup of your server. This guide covers steps that are useful for configuring the server and increasing its security.
1. Upgrade Your System
First, log in to your Ubuntu server with root access and execute the following commands to upgrade all packages.
$ apt-get update
$ apt-get upgrade
2. Create Sudo Account
Create a user account for system administration and configure it with sudo access. From now on you will use this account to log in to the server and perform operations. We don't recommend logging in as the root user every time.
$ adduser sysadmin
Now add this user to the sudo group so that it gets all sudo privileges.
# adduser sysadmin sudo
Adding user `sysadmin' to group `sudo' ...
Adding user sysadmin to group sudo
Done.
3. Secure OpenSSH
Now edit the OpenSSH configuration file /etc/ssh/sshd_config and make the following changes.
- Change Default Port – It is a good idea to change the default SSH port, because default ports are always targeted by attackers.
- Disable Root SSH Login – You should also disable root login via SSH.
4. Setup Key Based SSH
It is good practice to configure your server for key-based login only and to disable password login. Generate a key pair on your client system.
[email protected]:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sysadmin/.ssh/id_rsa): /home/sysadmin/.ssh/id_rsa_10
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sysadmin/.ssh/id_rsa_10.
Your public key has been saved in /home/sysadmin/.ssh/id_rsa_10.pub.
The key fingerprint is:
b8:78:02:69:a7:4a:92:e8:97:35:02:7e:ce:02:28:fc [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| . . . |
|+ = . . S |
|== * + . |
|*.* * + |
|+o E o |
|..o |
+-----------------+
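Now copy the content of the generated public key file .ssh/id_rsa.pub into the ~/.ssh/authorized_keys file on the server. You can copy the content directly into the server's file or use the following command. If you saved the key under a different file name, as in the transcript above, use that .pub file instead.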
$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
Now log in to the server with SSH. It will not prompt for the account password again.
$ ssh [email protected]
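The audit below is an added example, not part of the original tutorial: it checks an sshd_config for the changes from steps 3 and 4 (non-default port, root login disabled, password login disabled). The function names, the sample file and its port 2222 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for steps 3 and 4.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively; lines after a "Match" apply only conditionally.
# Assumption: Include files are not followed.

# effective_value FILE KEYWORD DEFAULT: print the first global value, else DEFAULT
effective_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/^[ \t]+/, "") }                          # drop leading blanks
        /^#/ || /^$/ { next }                           # comment or empty line
        { sub(/[ \t]*=[ \t]*/, " "); k = tolower($1) }  # accept "Key=value" form
        k == "match" { exit }                           # end of global section
        k == tolower(key) { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd_config FILE: print one line per finding, return 1 if there are any
audit_sshd_config() {
    bad=0
    # Port and PasswordAuthentication fall back to sshd's defaults (22, yes).
    # PermitRootLogin's default differs between releases, so require it explicitly.
    [ "$(effective_value "$1" Port 22)" != 22 ] ||
        { echo "FINDING: Port is still the default 22"; bad=1; }
    [ "$(effective_value "$1" PermitRootLogin unset)" = no ] ||
        { echo "FINDING: PermitRootLogin is not 'no'"; bad=1; }
    [ "$(effective_value "$1" PasswordAuthentication yes)" = no ] ||
        { echo "FINDING: PasswordAuthentication is not 'no'"; bad=1; }
    return "$bad"
}

# Constructed sample, not a real server's file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
PermitRootLogin yes
PermitRootLogin no
#PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "=> hardening incomplete"
```

The sample yields two findings: the first PermitRootLogin line wins, and the only active PasswordAuthentication line sits inside a Match block. On a live server, `sudo sshd -t` validates the file before you restart the service and `sudo sshd -T` prints the effective configuration.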
5. Setup CSF Firewall
If you want, you can use CSF to manage your firewall. Follow the steps below to install it.
Download the latest CSF source code using the following commands on your system. Note that cd is a shell builtin and must be run without sudo.
$ cd /opt
$ sudo wget http://www.configserver.com/free/csf.tgz
$ sudo tar xzf csf.tgz
Install the CSF firewall using the install.sh script included in the source code. It will do everything automatically.
$ cd /opt/csf
$ sudo sh install.sh
Enable CSF for production use. By default, it is installed in test mode. Open the configuration file and set the TESTING value to 0.
$ sudo vim /etc/csf/csf.conf
TESTING = "0"
Finally, restart the CSF service using the following commands.
$ cd /etc/csf
$ sudo csf -r