Setting up a new server, heard the cool kids talk about “server hardening,” but didn’t know what that meant?
Server hardening involves configuring the operating system and any running applications such that unauthorized access to your computers and network is more difficult.
Make sure your router has uPnP disabled, and don’t expose ports.
If possible, only expose your systems via a VPN, like tailscale.
First and foremost, back up any important files you have on your server.
Assuming your Linux server is running Ubuntu, look into installing the following packages:
sudo apt-get install unattended-upgrades dpkg-reconfigure -plow unattended-upgrades
this will apply security updates to your server periodically and automatically, but keep in mind that you’ll still need to manually reboot your server to apply kernel updates.
sudo apt-get install lynis lynis audit system
Running this will list a series of steps that you’ll need to do, including ssh hardening. Be sure to disable root logins, change your ssh port, and disable non-key-based authentication. Make sure you understand the impacts of any changes you make before you make them and find that you’ve locked yourself out of your own server!
lynis audit system to verify that you’ve made things better.
sudo apt-get install fail2ban rkhunter debsums rkhunter --check debsums -s
Seriously. Have backups. At least one copy must be offline. Ideally one or more copies are in different physical places.
Excellent: please leave a comment!