Overview
When you first deploy a VPS, taking a few security steps will significantly reduce your risk of compromise. This guide covers essential hardening for a new Linux server.
1. Update Your System
Before anything else, ensure your system is fully updated:
Ubuntu / Debian
apt update && apt upgrade -y
AlmaLinux / Rocky Linux / CentOS
dnf update -y
2. Create a Non-Root User
Avoid using root for daily tasks. Create a regular user with sudo privileges:
# Create user
adduser yourusername
# Add to sudo group (Ubuntu/Debian)
usermod -aG sudo yourusername
# Or add to wheel group (RHEL-based)
usermod -aG wheel yourusername
3. Set Up SSH Key Authentication
SSH keys are more secure than passwords. On your local machine:
# Generate a key pair (if you do not have one)
ssh-keygen -t ed25519 -C "your_email@example.com"
# Copy your public key to the server
ssh-copy-id yourusername@YOUR_SERVER_IP
Test that you can log in with the key before proceeding.
4. Disable Root Password Login
Once SSH keys work, disable password login for root and password authentication for all users:
# Edit SSH config
nano /etc/ssh/sshd_config
Find and set these values:
PermitRootLogin prohibit-password
PasswordAuthentication no
Restart SSH:
# On Ubuntu/Debian the service unit may be named ssh instead: systemctl restart ssh
systemctl restart sshd
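sshd uses the first value it obtains for each keyword, so a file included ahead of your edit (for example a drop-in under /etc/ssh/sshd_config.d/ on Ubuntu/Debian) can leave password logins enabled even after step 4. The following check is an added example, not part of the original guide: it reads `sshd -T` style output on stdin, and the function name and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the *effective* sshd settings from step 4.
# Input: `sshd -T` style text on stdin, one "keyword value" pair per line,
# keywords in lowercase. Returns non-zero if a setting is weaker than the guide's.

check_sshd_effective() {
    awk '
        # Keep the first reported value of each keyword we care about.
        $1 == "permitrootlogin" && !("r" in seen)        { seen["r"] = tolower($2) }
        $1 == "passwordauthentication" && !("p" in seen) { seen["p"] = tolower($2) }
        END {
            bad = 0
            # sshd -T may print "without-password", the older synonym of
            # "prohibit-password"; only "yes" allows root password logins.
            if (!("r" in seen))          { print "FAIL permitrootlogin not reported"; bad = 1 }
            else if (seen["r"] == "yes") { print "FAIL permitrootlogin yes"; bad = 1 }
            else                         { print "OK   permitrootlogin " seen["r"] }

            if (!("p" in seen))          { print "FAIL passwordauthentication not reported"; bad = 1 }
            else if (seen["p"] != "no")  { print "FAIL passwordauthentication " seen["p"]; bad = 1 }
            else                         { print "OK   passwordauthentication no" }
            exit bad
        }
    '
}

# Constructed sample: the state this guide aims for.
SAMPLE_HARDENED='port 22
permitrootlogin without-password
passwordauthentication no
pubkeyauthentication yes'

# Constructed sample: an included file re-enabled passwords despite the edit.
SAMPLE_OVERRIDDEN='port 22
permitrootlogin without-password
passwordauthentication yes
pubkeyauthentication yes'

# On the server, as root:  sshd -T | check_sshd_effective
```

Run it after restarting SSH and before closing your current session, so a failed check can still be corrected.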
5. Configure a Firewall
Allow only necessary ports. See our firewall setup guide for detailed instructions.
Quick UFW setup (Ubuntu/Debian):
ufw allow 22/tcp
ufw enable
6. Install Fail2Ban
Fail2Ban blocks IP addresses that show malicious signs (e.g., repeated failed logins):
Ubuntu / Debian
apt install fail2ban -y
systemctl enable fail2ban
systemctl start fail2ban
AlmaLinux / Rocky Linux
dnf install epel-release -y
dnf install fail2ban -y
systemctl enable fail2ban
systemctl start fail2ban
7. Enable Automatic Security Updates (Optional)
For Ubuntu/Debian, unattended-upgrades can automatically install security patches:
apt install unattended-upgrades -y
dpkg-reconfigure -plow unattended-upgrades
Security Checklist
| Task | Status |
|---|---|
| System updated | [ ] |
| Non-root user created | [ ] |
| SSH keys configured | [ ] |
| Root password login disabled | [ ] |
| Firewall enabled | [ ] |
| Fail2Ban installed | [ ] |
Next Steps
For additional security, consider:
- Changing the default SSH port (optional, security through obscurity)
- Setting up regular backups
- Installing and configuring intrusion detection (e.g., OSSEC)