W elcome to server hardening 101. Here, we are going to let you know the basic measures by which you can increase the security of your servers and block the basic attacks that are happening/might happen on your server.
You can’t hold firewalls and intrusion detection systems accountable. You can only hold people accountable.
Daryl White, DOI CIO
W elcome to server hardening 101. Here, we are going to let you know the basic measures by which you can increase the security of your servers and block the basic attacks that are happening/might happen on your server.
Below are the basic points that are helpful in securing a server, I will explain each point in detail and also show how to configure a firewall, add a non-root user, change default ports of standard services.
# update the apt package manager's list, and fetch if the new version of packages are available $ sudo apt update # upgrade all the packages which are available in the added repositories. $ sudo apt upgrade
# add user named "adminuser", replace it with your desired username
$ adduser adminuser
# add user named "adminuser" to sudoers list for admin rights
$ usermod -aG sudo adminuser
# switch user as root in the current shell
$ sudo su - root
# block all the incoming connection to the server using UFW
$ sudo ufw default deny incoming
# allow OpenSSH ports in UFW
$ sudo ufw allow OpenSSH
# enable UFW
$ sudo ufw enable
# open sshd_config using nano
$ sudo nano /etc/ssh/sshd_config
# Port 22
# open MySQL config file using nano
$ sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
port = 3306
# allow your custom port in UFW
$ sudo ufw allow <port_number>
AddressFamily inet
AddressFamily inet6
# append AddressFamily at the end of sshd_config and display it
$ echo 'AddressFamily inet' | sudo tee -a /etc/ssh/sshd_config
So, this is how we can secure a server by applying the basic steps, these are very robust methods which sets a base to further more increase the security.