vegibit

How To Secure Ubuntu Server

Click to share! ⬇️

Ubuntu Server is a popular operating system for servers and other critical infrastructure due to its stability, security, and flexibility. However, like any operating system, it is important to take steps to secure Ubuntu Server and keep it up to date with the latest security patches.

In this tutorial, we will cover various techniques for securing Ubuntu Server and keeping it up to date with security patches. We will cover topics such as setting up a firewall, updating software and installing security patches, enabling SSH key-based authentication, hardening SSH configuration, securing FTP access, disabling unused services, and monitoring system activity and logs. By the end of this tutorial, you should have a good understanding of how to secure your Ubuntu Server and keep it safe from threats.

Securing a server is an ongoing process and requires regular maintenance and updates. It is also important to keep in mind that the specific steps you need to take to secure your server will depend on your specific needs and requirements.

Setting Up a Firewall on Ubuntu Server

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall can help protect your Ubuntu Server from unauthorized access and other threats by blocking or restricting access to certain services and ports.

Ubuntu Server comes with a built-in firewall called ufw (Uncomplicated Firewall). ufw is a frontend for the iptables firewall and is designed to be easy to use and configure.

To set up a firewall using ufw, you can follow these steps:

  1. Install ufw: If ufw is not already installed on your Ubuntu Server, you can install it using the following command:
sudo apt-get install ufw
  1. Enable ufw: To enable ufw, you can use the following command:
sudo ufw enable

This will enable the firewall and apply the default rules, which allow incoming SSH connections and block all other incoming connections.

  1. Allow or deny specific services or ports: You can use the ufw allow and ufw deny commands to allow or deny specific services or ports. For example, to allow incoming HTTP and HTTPS connections, you can run the following commands:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

To deny incoming Telnet connections, you can run the following command:

sudo ufw deny 23/tcp
  1. View the firewall status: You can use the ufw status command to view the current status of the firewall and the rules that are applied.
sudo ufw status

This will output information about the current firewall status, including the default policies, the number of rules, and the active rules. By setting up a firewall using ufw, you can protect your Ubuntu Server from unauthorized access and other threats by controlling access to specific services and ports. Remember to regularly review and update your firewall rules to ensure that your server is secure.

It is also important to note that a firewall is only one aspect of securing your Ubuntu Server. You should also consider other measures such as updating software and installing security patches, enabling SSH key-based authentication, hardening SSH configuration, securing FTP access, disabling unused services, and monitoring system activity and logs.

Updating Software and Installing Security Patches on Ubuntu Server

One of the key aspects of securing your Ubuntu Server is keeping it up to date with the latest software and security patches.

Ubuntu Server includes a package management system called APT (Advanced Packaging Tool) that allows you to easily install, update, and remove software packages on the system.

To update the software packages on your Ubuntu Server, you can use the apt-get update command. This command retrieves the latest package lists from the package repositories and updates the local package cache.

sudo apt-get update

To upgrade the installed software packages to the latest versions, you can use the apt-get upgrade command. This command installs any available updates for the installed packages.

sudo apt-get upgrade

To install security patches, you can use the apt-get dist-upgrade command. This command performs a more comprehensive upgrade that may include changes to the package dependencies, and is generally used to install security patches.

sudo apt-get dist-upgrade

It is a good practice to regularly update the software packages and install security patches on your Ubuntu Server to ensure that it is secure and up to date. You can automate this process by using tools such as unattended-upgrades or setting up a cron job to run the update commands on a regular basis.

Keep in mind that updating software and installing security patches may require a restart of the system to take effect. It is a good idea to schedule updates and patches during a maintenance window to minimize disruption to your services.

Enabling SSH Key-Based Authentication on Ubuntu Server

SSH (Secure Shell) is a network protocol that allows you to securely access and manage your Ubuntu Server remotely. One way to improve the security of your SSH connections is to enable SSH key-based authentication.

In SSH key-based authentication, a public/private key pair is used to authenticate the user. The public key is placed on the server, and the private key is kept on the client. When the client attempts to connect to the server, it uses the private key to prove its identity to the server. This allows the user to log in without entering a password, and is more secure than password-based authentication because it is much harder to crack.

To enable SSH key-based authentication on your Ubuntu Server, you can follow these steps:

  1. Generate a public/private key pair: On the client machine, use the ssh-keygen command to generate a public/private key pair. This will create a private key file (usually named id_rsa) and a public key file (usually named id_rsa.pub) in the ~/.ssh directory.
ssh-keygen
  1. Copy the public key to the server: Use the ssh-copy-id command to copy the public key to the server. Replace user with the username on the server and server_ip with the IP address or hostname of the server.
ssh-copy-id user@server_ip
  1. Enable key-based authentication: On the server, edit the /etc/ssh/sshd_config file and set the PasswordAuthentication option to no to disable password-based authentication.
PasswordAuthentication no
  1. Restart the SSH service: Use the following command to restart the SSH service to apply the changes.
sudo systemctl restart ssh

By enabling SSH key-based authentication, you can improve the security of your SSH connections and protect your Ubuntu Server from unauthorized access. Remember to keep your private key file secure and make a backup copy in case it is lost or corrupted.

Hardening SSH Configuration on Ubuntu Server

In addition to enabling SSH key-based authentication, there are other steps you can take to harden the SSH configuration on your Ubuntu Server and improve the security of your SSH connections.

Here are some recommendations for hardening the SSH configuration on your Ubuntu Server:

  1. Change the default SSH port: By default, the SSH service listens on port 22. However, you can change the default port to a different, unused port to make it more difficult for attackers to find and access the service. To change the default SSH port, edit the /etc/ssh/sshd_config file and set the Port option to the desired port number.
Port 2222
  1. Disable root login: It is generally a good idea to disable direct root login via SSH to prevent brute-force attacks on the root account. To disable root login, edit the /etc/ssh/sshd_config file and set the PermitRootLogin option to no.
PermitRootLogin no
  1. Use SSH keys for authentication: As mentioned in the previous section, you can improve the security of your SSH connections by using SSH keys for authentication instead of passwords. To enable SSH key-based authentication, edit the /etc/ssh/sshd_config file and set the PasswordAuthentication option to no.
PasswordAuthentication no
  1. Enable SSH protocol version 2: SSH protocol version 2 is more secure than version 1 and should be used whenever possible. To enable SSH protocol version 2, edit the /etc/ssh/sshd_config file and set the Protocol option to 2.

Enable two-factor authentication: Two-factor authentication (2FA) adds an extra layer of security by requiring the user to provide a second form of authentication, such as a one-time passcode, in addition to the SSH key or password. To enable 2FA for SSH, you can use a tool such as Google Authenticator or OTPW.

Limit access to specific users or groups: You can use the AllowUsers, AllowGroups, and DenyUsers options in the /etc/ssh/sshd_config file to limit access to specific users or groups. For example, to allow access to the users “john” and “sarah” and the group “admins”, you can add the following lines to the configuration file:

AllowUsers john sarah
AllowGroups admins

By hardening the SSH configuration on your Ubuntu Server, you can improve the security of your SSH connections and protect your server from unauthorized access. Remember to regularly review and update your SSH configuration to ensure that it is secure.

Protocol 2

Securing FTP Access on Ubuntu Server

FTP (File Transfer Protocol) is a popular protocol for transferring files between computers. If you have an FTP server running on your Ubuntu Server, it is important to take steps to secure FTP access to protect your server from unauthorized access and other threats.

Here are some recommendations for securing FTP access on your Ubuntu Server:

  1. Use SFTP instead of FTP: SFTP (SSH File Transfer Protocol) is a secure version of FTP that uses an SSH connection to encrypt the data transferred between the client and the server. It is generally more secure than regular FTP and is recommended for use on servers. You can use SFTP by connecting to the server using an SFTP client such as FileZilla or by using the sftp command in a terminal.
  2. Use SSH keys for authentication: Instead of using passwords for authentication, you can use SSH keys to secure FTP access. This adds an extra layer of security and makes it more difficult for attackers to guess or brute-force the login credentials.
  3. Limit access to specific users or groups: You can use the AllowUsers, AllowGroups, and DenyUsers options in the /etc/ssh/sshd_config file to limit FTP access to specific users or groups. For example, to allow access to the users “john” and “sarah” and the group “admins”, you can add the following lines to the configuration file:
AllowUsers john sarah
AllowGroups admins
  1. Use strong passwords: If you are using password-based authentication for FTP, it is important to use strong, unique passwords to protect your server from brute-force attacks.
  2. Enable two-factor authentication: Two-factor authentication (2FA) adds an extra layer of security by requiring the user to provide a second form of authentication, such as a one-time passcode, in addition to the password. To enable 2FA for FTP, you can use a tool such as Google Authenticator or OTPW.

By following these recommendations, you can secure FTP access on your Ubuntu Server and protect it from unauthorized access and other threats. Remember to regularly review and update your FTP configuration to ensure that it is secure.

Disabling Unused Services on Ubuntu Server

It is a good practice to disable any unused services on your Ubuntu Server to reduce the attack surface and improve security. Unused services can be a potential security risk because they may have vulnerabilities that can be exploited by attackers.

To disable an unused service on your Ubuntu Server, you can follow these steps:

Identify the unused service: Use the systemctl command to list the active services on your Ubuntu Server.

systemctl list-units --type=service

This will list all the active services on the system, along with their status and other information. Look for any services that you do not use and do not need on the server.

Disable the unused service: To disable an unused service, use the systemctl disable command followed by the name of the service. For example, to disable the telnet service, you can use the following command:

sudo systemctl disable telnet.service

Verify that the service is disabled: To verify that the service has been disabled, you can use the systemctl is-enabled command followed by the name of the service.

systemctl is-enabled telnet.service

This will output disabled if the service is disabled or enabled if it is not.

By disabling unused services on your Ubuntu Server, you can reduce the attack surface and improve the security of your server. Remember to regularly review the active services on your server and disable any unused services to ensure that your server is secure.

Monitoring System Activity and Logs on Ubuntu Server

Monitoring system activity and logs is an important aspect of securing your Ubuntu Server and detecting potential security issues. By regularly reviewing the system logs and monitoring key system activity, you can identify potential security threats and take steps to address them.

Here are some tips for monitoring system activity and logs on your Ubuntu Server:

Review the system logs: The system logs contain information about system events, including system errors, security alerts, and other important messages. You can use the journalctl command to view the system logs in real-time or the less command to view them in a paginated format.

journalctl -f
less /var/log/syslog

Monitor system resources: You can use tools such as top, htop, or glances to monitor the usage of key system resources such as CPU, memory, and disk space. This can help you identify potential issues or bottlenecks on the system.

top
htop
glances

Monitor network activity: You can use tools such as tcpdump or wireshark to monitor network activity and identify potential security issues. For example, you can use these tools to monitor incoming and outgoing traffic, identify suspicious patterns, or track down the source of an attack.

tcpdump
wireshark

Set up alerts: You can set up alerts to notify you of potential security issues or other important events. For example, you can use tools such as logwatch or logcheck to monitor the logs and send alerts when certain patterns or keywords are detected. By monitoring system activity and logs on your Ubuntu Server, you can identify potential security issues and take steps to address them.

Click to share! ⬇️

How To Manage Users Groups And Permissions On Ubuntu Server How To Manage Services And Processes on Ubuntu Server How To Set Up Networking On Ubuntu Server How To Set Up Nginx On Ubuntu Server What Are Some EC2 Instance Types How To Create An Ubuntu Server On AWS EC2