Securing your Ubuntu VPS is essential for protecting data, ensuring stability, and preventing unauthorized access. Here’s a straightforward guide on some basic yet effective steps to secure an Ubuntu VPS.
1. Update Your System
Start by updating your system to ensure all software is up-to-date with the latest security patches.
sudo apt update && sudo apt upgrade -y2. Create a New User and Disable Root Login
For security, avoid using the root account directly and create a new user with sudo privileges.
- Create a new user:
sudo adduser yourusername - Add the user to the
sudogroup:sudo usermod -aG sudo yourusername - Switch to the new user:
su - yourusername - Disable root login by editing the SSH configuration file:
sudo nano /etc/ssh/sshd_configFind the line:
PermitRootLogin yesChange it to:
PermitRootLogin no- Restart SSH to apply changes:
sudo systemctl restart ssh
3. Enable Firewall (UFW)
Ubuntu’s Uncomplicated Firewall (UFW) provides a straightforward way to manage firewall settings.
- Allow SSH access:
sudo ufw allow OpenSSH - Enable the firewall:
sudo ufw enable - Check the status:
sudo ufw status
Optionally, if you’re hosting a web server, allow HTTP and HTTPS traffic:
sudo ufw allow http
sudo ufw allow https4. Change the Default SSH Port
Changing the SSH port can add an additional layer of security against automated attacks.
- Open the SSH configuration file:
sudo nano /etc/ssh/sshd_config - Find the line:
#Port 22Uncomment and change22to your desired port, e.g.,2222:Port 2222 - Restart SSH to apply changes:
sudo systemctl restart ssh - Don’t forget to allow the new SSH port through the firewall:
bash sudo ufw allow 2222/tcp
5. Disable Password Authentication and Enable SSH Key Authentication
Using SSH keys instead of passwords enhances security.
- Generate an SSH key pair on your local machine:
ssh-keygen -t rsa -b 4096 - Copy your public key to your VPS:
ssh-copy-id -p 2222 yourusername@your_server_ip - Disable password authentication for SSH:
sudo nano /etc/ssh/sshd_configFind the line:PasswordAuthentication yesChange it to:PasswordAuthentication no - Restart SSH:
sudo systemctl restart ssh
6. Install Fail2ban
Fail2ban monitors login attempts and blocks IPs with repeated failures, protecting against brute-force attacks.
- Install Fail2ban:
sudo apt install fail2ban -y - Start and enable Fail2ban:
sudo systemctl start fail2ban sudo systemctl enable fail2ban - Configure Fail2ban by creating a local jail file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local - Modify settings as needed:
sudo nano /etc/fail2ban/jail.localYou can adjust the ban time, retry limits, and monitored services. - Restart Fail2ban:
sudo systemctl restart fail2ban
7. Install and Configure Automatic Updates
Automatic updates reduce the risk of security vulnerabilities by ensuring software remains current.
- Install the
unattended-upgradespackage:sudo apt install unattended-upgrades -y - Enable automatic updates:
sudo dpkg-reconfigure --priority=low unattended-upgrades
8. Regular Backups
Always keep regular backups to quickly recover in case of an attack or data loss. Many hosting providers, like Hosteons, offer backup solutions, making it easy to automate and restore from snapshots or backups.
Summary
By following these steps, you enhance the security of your Ubuntu VPS against common threats. Regular updates, secure login configurations, a robust firewall, and monitoring tools like Fail2ban all contribute to a safer and more reliable server environment. With these basics covered, your VPS will be better protected against potential attacks.
