This tutorial assumes that you already have a freshly installed Ubuntu Server. We recommend using an LTS version of Ubuntu for your servers, such as Ubuntu 16.04 LTS or 14.04 LTS. After installing Ubuntu Server 16.04 or 14.04, proceed with the post-installation setup of your server. This guide covers steps that are useful for configuring a server and increasing its security.
Step 1 – Upgrade Your System
First, log in to your Ubuntu server with root access and execute the following commands to upgrade all packages.
sudo apt-get update
sudo apt-get upgrade
Step 2 – Create Sudo Account
Create a user account for system administration and configure it with sudo access. From now on you will use this account to log in to the server and perform operations. We don't recommend logging in as the root user every time.
sudo adduser sysadmin
Now add this user to the sudo group so that it gets all sudo privileges.
sudo adduser sysadmin sudo
Adding user `sysadmin' to group `sudo' ...
Adding user sysadmin to group sudo
Done.
Step 3 – Secure SSH Server
Now edit the OpenSSH configuration file /etc/ssh/sshd_config and make the following changes.
- Change Default Port – It is a good idea to change the default SSH port, because default ports are always targeted by attackers.
- Disable Root SSH Login – You should also disable root login via SSH.
Step 4 – Setup Key-Based SSH
It is good practice to configure your server to accept key-based logins only and to disable password login. Generate a key pair on your client system.
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sysadmin/.ssh/id_rsa): /home/sysadmin/.ssh/id_rsa_10
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sysadmin/.ssh/id_rsa_10.
Your public key has been saved in /home/sysadmin/.ssh/id_rsa_10.pub.
The key fingerprint is:
b8:78:02:69:a7:4a:92:e8:97:35:02:7e:ce:02:28:fc [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
| . . .           |
|+ = . . S        |
|== * + .         |
|*.* * +          |
|+o E o           |
|..o              |
+-----------------+
Now copy the content of the generated public key file (.ssh/id_rsa.pub, or the path you chose when generating the key) into the ~/.ssh/authorized_keys file on the server. You can copy the content directly into the server's file or use the following command.
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
Now log in to the server with SSH. It will not prompt for the password again.
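To check that the changes from Step 3 and Step 4 are actually in effect, the following added example (not part of the original tutorial) audits an sshd_config file for a non-default port, root login disabled and password login disabled. It assumes the standard OpenSSH keywords Port, PermitRootLogin and PasswordAuthentication written as whitespace-separated "Keyword value" lines; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit an sshd_config file
# for the Step 3 and Step 4 settings. Assumes "Keyword value" lines.

# Print every global value of keyword $2 in file $1, in file order.
# Keywords are case-insensitive; lines after the first "Match" are conditional.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# Print PASS/FAIL per check for file $1; return non-zero if any check fails.
audit_sshd_config() {
    cfg="$1"; rc=0
    # Port may be given several times and sshd listens on all of them;
    # with no Port line it listens on the default, 22.
    ports=$(sshd_values "$cfg" Port)
    if printf '%s\n' "${ports:-22}" | grep -qx 22; then
        echo "FAIL Port: still listening on 22"; rc=1
    else
        echo "PASS Port:" $ports
    fi
    # For these keywords sshd keeps the first value it reads.
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_values "$cfg" "$kw" | head -n 1)
        if [ "$val" = "no" ]; then
            echo "PASS $kw: no"
        else
            echo "FAIL $kw: ${val:-not set, default applies}"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: the later "PermitRootLogin no" is shadowed by the earlier
# "yes", and the Match block's setting is not part of the global configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
permitrootlogin yes
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "=> sshd_config still needs changes"
rm -f "$sample"
```

On the server itself, run `audit_sshd_config /etc/ssh/sshd_config` after editing the file and before restarting the SSH service, and keep an existing session open until a new login on the new port succeeds.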
Step 5 – Setup CSF Firewall (Optional)
If you want, you can use CSF to manage your firewall. Follow the steps below to install it.
Download the latest CSF source code using the following commands on your system.
cd /opt
sudo wget https://download.configserver.com/csf.tgz
sudo tar xzf csf.tgz
Install the CSF firewall using the install.sh script provided in the source code. It will do everything automatically.
cd /opt/csf
sudo sh install.sh
Switch CSF to production mode. By default, it is installed in testing mode. Open the configuration file and set the TESTING option as shown.
sudo vim /etc/csf/csf.conf
TESTING = "0"
Finally, restart the CSF service using the following commands.
cd /etc/csf
sudo csf -r