
Setting up and Securing Ubuntu server with a Basic Firewall

Last Updated : 11 Aug, 2021

VPSs (Virtual Private Servers) are commonly used to host and serve many types of services. Many providers offer virtual servers, often with a custom-built Linux OS that is lightweight compared to the desktop version. These OSes have built-in security, but we can make them better. This article helps you set up a secure Ubuntu VPS.

Disabling Root User

After you create your VPS, log in to the root account using SSH. The root account in Ubuntu has almost all privileges over all processes and data. Disabling root login makes the VPS less vulnerable. Before disabling the root user, you must first create a new user and give that user sudo rights.

ssh root@<your-vps-ip>

To create a new user with admin rights, run the commands below. The first one updates the Ubuntu packages.

sudo apt update && sudo apt upgrade
sudo adduser admin
usermod -aG sudo admin

The adduser command instructs Ubuntu to create a new user. It asks for basic details and a password. After you complete it, a new user named admin is created. The usermod command adds the “admin” user to the sudo group.


After creating the new user, copy root's SSH keys to the newly created user with the rsync command.

rsync --archive --chown=admin:admin ~/.ssh /home/admin

If the commands run successfully, log out of the root account, log in again as the newly created admin user, and open the sshd config file with a terminal editor such as nano or vim. You can use the commands below.

ssh admin@<your-vps-ip>
sudo nano /etc/ssh/sshd_config

This opens the SSH config file. In the file, comment out the line “PermitRootLogin yes” and add a new line, “AllowUsers admin”, at the end of the file.

# Comment out the line below
#PermitRootLogin yes
.
.
# Add this at the end of the file
AllowUsers admin


After adding the new line, exit the editor and restart SSH with the command below. From then on, SSH access is blocked for every user except admin.

sudo service ssh restart
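
Before restarting SSH, it is worth checking the edited file, because commenting out PermitRootLogin leaves sshd on its built-in default rather than setting it to no, and AllowUsers matches user names case-sensitively. The script below is an added example, not part of the original article; the function names and sample files are constructed for illustration, and it assumes a flat config with no Match blocks, no Include files and no wildcard patterns.

```shell
# Added example (not from the original article). Assumes a flat sshd_config:
# whitespace-separated keywords, no Match blocks, no Include files, and plain
# user names in AllowUsers (no wildcards or user@host patterns).

# Print each argument of every active (uncommented) line for keyword $2 in file $1.
# sshd keywords are case-insensitive; user names are not.
sshd_values() {
    awk -v key="$2" 'tolower($1) == tolower(key) { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# 0 = $2 can log in and root cannot; 1 = root still admitted; 2 = $2 locked out.
check_sshd_config() {
    cfg="$1"; user="$2"
    # sshd keeps the first PermitRootLogin value it reads.
    root_login=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    # AllowUsers arguments, one per line.
    allowed=$(sshd_values "$cfg" AllowUsers)

    # Once an AllowUsers list exists, only exact, case-sensitive matches get in.
    if [ -n "$allowed" ] && ! printf '%s\n' "$allowed" | grep -qxF -- "$user"; then
        echo "LOCKOUT: '$user' is not in AllowUsers:" $allowed
        return 2
    fi
    # Root is refused by "PermitRootLogin no" or by an AllowUsers list without root.
    if [ "$root_login" = "no" ]; then return 0; fi
    if [ -n "$allowed" ] && ! printf '%s\n' "$allowed" | grep -qxF root; then return 0; fi
    echo "ROOT STILL ADMITTED: PermitRootLogin=${root_login:-unset}, AllowUsers does not exclude root"
    return 1
}

# Constructed sample configs: the article's edit, the capitalised spelling,
# and a file where only the PermitRootLogin line was commented out.
sample_dir=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'AllowUsers admin' > "$sample_dir/good"
printf '%s\n' '#PermitRootLogin yes' 'AllowUsers Admin' > "$sample_dir/typo"
printf '%s\n' '#PermitRootLogin yes' > "$sample_dir/no_allowusers"

for f in good typo no_allowusers; do
    if check_sshd_config "$sample_dir/$f" admin; then echo "$f: OK to restart ssh"; fi
done
```

On the server, point check_sshd_config at /etc/ssh/sshd_config, and keep the current SSH session open until a second login as admin succeeds.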

Setting up UFW

Uncomplicated Firewall (UFW) is the default program for managing a firewall on Ubuntu systems. It uses a command-line interface consisting of simple commands, which are documented in man ufw. UFW is available by default on all recent Ubuntu installations. UFW protects the server by working with iptables (an IP packet filter). If you are using your VPS to host a website, it is better to allow only ports 22 (SSH), 80 (HTTP) and 443 (HTTPS). You can do that by running the commands below.

sudo ufw allow OpenSSH
sudo ufw allow 80
sudo ufw allow 443
# starts the firewall
sudo ufw enable


After adding all three rules and enabling the firewall, you can check its status using the command below.

sudo ufw status


This way, you can set up and secure your server before working on it. Some other things you need to do regularly are:

  • Keep the system up to date
  • Remove unused packages
  • Make your application secure
  • Use strong passwords
  • Disable IPv6 if you don’t use it
  • Always use SSH, SFTP
  • Encrypt your data at rest
  • Monitor your logs
  • It’s better to put Cloudflare in front of your VPS
