Setting up and Securing Ubuntu server with a Basic Firewall
Virtual Private Servers (VPS) are commonly used to host and serve many types of services, and many providers offer them. Most provide their VPSs with a custom-built Linux OS that is lightweight compared to the desktop version. These OS images have built-in security, but we can make them better. This article helps you set up a secure Ubuntu VPS.
Disabling Root User
After you create your VPS, log in to the root account using SSH. The root account in Ubuntu has almost all privileges over every process and all data, so disabling root login makes the VPS less vulnerable. Before you disable the root user, you must first create a new user and give that user sudo rights.
To create a new user and give it admin rights, run the commands below. The first one updates the Ubuntu packages before the user is created.

    sudo apt update && sudo apt upgrade
    sudo adduser admin
    usermod -aG sudo admin

The adduser command instructs Ubuntu to create a new user. It asks for a password and some basic details. After you complete it, a new user named admin is created. The usermod command adds the “admin” user to the sudo group.
After creating the new user, copy root's SSH keys to the newly created user with the rsync command, so the same keys can be used to log in as admin.

    rsync --archive --chown=admin:admin ~/.ssh /home/admin
If the commands run successfully, log out of the root account, log in again as the newly created admin user, and open the sshd config file in any terminal editor such as nano or vim. You can use the commands below.

    ssh admin@<your-vps-ip>
    sudo nano /etc/ssh/sshd_config
This will open the SSH config file. In the file, comment out the line “PermitRootLogin yes” and add a new line, “AllowUsers admin”, at the end of the file.

    # comment out the line below
    #PermitRootLogin yes
    .
    .
    # add this at the end of the file
    AllowUsers admin
After adding the new line, exit the editor and restart ssh with the command below. Once ssh restarts, SSH access is blocked for every user except admin.

    sudo service ssh restart
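A check for the sshd_config edit described above, as an added example that is not part of the original article. The function names and the sample files are constructed for illustration, and the script assumes a single config file without Include or Match blocks; point check_sshd_hardening at /etc/ssh/sshd_config before restarting ssh.

```bash
#!/usr/bin/env bash
# Added example (not from the article): checks the sshd_config edit for lockout
# or leftover root access. Assumes one file, no Include/Match blocks, and plain
# user names in AllowUsers (wildcards and user@host patterns are not evaluated).

# First active value of a keyword: sshd keywords are case-insensitive and the
# first occurrence wins; lines starting with '#' are comments.
sshd_first_value() {  # usage: sshd_first_value <file> <keyword>
  awk -v key="$2" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# Every name on every active AllowUsers line (the lists accumulate).
sshd_allow_users() {  # usage: sshd_allow_users <file>
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Returns 0 when root SSH login is closed off and <user> can still get in.
check_sshd_hardening() {  # usage: check_sshd_hardening <file> <user>
  local rc=0
  if [ "$(sshd_first_value "$1" PermitRootLogin)" = "yes" ]; then
    echo "FAIL: 'PermitRootLogin yes' is still active"; rc=1
  fi
  if ! sshd_allow_users "$1" | grep -qxF -- "$2"; then
    echo "FAIL: AllowUsers does not list '$2' (names are case-sensitive)"; rc=1
  fi
  if sshd_allow_users "$1" | grep -qxF -- root; then
    echo "FAIL: AllowUsers still lists root"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: $1"
  return "$rc"
}

# Constructed sample files: the edit as described, and two ways to get it wrong.
write_samples() {  # usage: write_samples <dir>
  printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'AllowUsers admin' > "$1/good.conf"
  printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'AllowUsers Admin' > "$1/lockout.conf"
  printf '%s\n' 'permitrootlogin YES' 'AllowUsers admin root' > "$1/root_open.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in good lockout root_open; do
  check_sshd_hardening "$tmp/$f.conf" admin || true
done
rm -rf "$tmp"
```

On the server itself, `sudo sshd -t` additionally checks the file for syntax errors before the restart.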
Setting up UFW
Uncomplicated Firewall (UFW) is the default program for managing a firewall on Ubuntu systems. It uses a command-line interface consisting of simple commands, which are documented in man ufw. UFW is available by default on all the latest Ubuntu installations. UFW protects the server together with iptables (an IP packet filter). If you are using your VPS to host your website, it's better to allow only ports 22 (SSH), 80 (HTTP) and 443 (HTTPS). You can do that by running the commands below.
    sudo ufw allow OpenSSH
    sudo ufw allow 80
    sudo ufw allow 443
    # start the firewall
    sudo ufw enable
After adding all three rules, you can check your firewall status using the command below.

    sudo ufw status
This way, you can set up and secure your server before working on it. Some other things you need to do regularly are:
- Keep the system up to date
- Remove unused packages
- Make your application secure
- Use strong passwords
- Disable IPv6 if you don’t use it
- Always use SSH and SFTP
- Encrypt your data at rest
- Monitor your logs
- Preferably, put Cloudflare in front of your VPS