How to Secure Ubuntu server 20.04

Louis SanchezAugust 15th 2021, 3:55

Linux is considered to be a well secured operating system. It is quite easy to maintain the security and protect our systems from unauthorized access by following a few simple norms or rules.

You will need access to a root or account with sudo privileges. These steps are intended for a new server setup. You can apply them selectively for the servers already in productions.

Step 1 : Install updates from the Ubuntu repository. You can install all the available updates or just select security updates, depending on your choice and requirement:

sudo apt-get update
sudo apt-get upgrade

Step 2 : Change the root password; set a strong and complex root password and note it down somewhere. You are not going to use it every day

sudo passwd

Step 3 : Add a new user account and set a strong password for it. You can skip this step if the server has already set up a non-root account, like Ubuntu

sudo adduser john
sudo passwd john

Step 4 : Add a new user to the Sudoers group:

sudo adduser john sudo

Step 5 : Enable the public key authentication over SSH and import your public key to new user's authorized_keys file.

Step 6 : Restrict SSH logins:

# Change the default SSH port
port 2222
# Disable root login over SSH
PermitRootLogin no
# Disable password authentication
PasswordAuthentication no
# Restrict users and allow IP address
AllowUsers john@(your-ip) john@(other-ip)

Step 7 : Install fail2ban to protect against brute force attacks and set a new SSH port in the fail2ban configuration

sudo apt-get install fail2ban

Step 8 : Optionally, install UFW and allow your desired ports:

sudo ufw allow from {your_IP} to any port 22 proto tcp
sudo ufw allow 80/tcp
sudo ufw enable

Step 9 : Maintain periodic snapshots (full-disk backups) of your server. Many cloud service providers offer basic snapshot tools.

Step 10 : Keep an eye on application and system logs. You may like to set up log-monitoring scripts that will e-mail any unidentified log entry.