CoachFullStack

First few minutes on your Linux server

After booting up your Linux server, you want to make sure that your instance is secure against the most common threats. In this short guide I go over the steps you need to take to reach a basic level of security on your Linux server.

I am using the Debian distribution of Linux.

1. Log in to your server through SSH.

ssh root@<SERVER_IP>

When prompted, enter your password and you should be logged in to your server.

2. Update your server software and repositories.

Keeping your software up to date may remove vulnerabilities present in previous versions of the programs installed on your server.

To do it, use the commands:

apt update && apt upgrade

3. Create a user account that you will use to log in to the server.

To create the user, simply use the command:

adduser <username>

4. Add the newly created user to the sudo group.

That will enable you to execute commands with administrator privileges from your user account.

To do it, use the command:

usermod -a -G sudo <username>

5. Set up a firewall.

A firewall is a security mechanism that oversees traffic going into and out of your server. It blocks or allows traffic based on the security rules that you put in place at configuration time.

The configuration shown below assumes that you want to use the Linux server to accept HTTP and HTTPS requests.

If you want other ports opened or closed, feel free to modify the configuration so that it fits your needs.

For this task, I prefer to use iptables:

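iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Loopback traffic (local services talking to each other)
iptables -A INPUT -i lo -j ACCEPT
# Replies to connections the server itself opened (apt, DNS); without this rule
# the INPUT DROP policy below would drop them
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# HTTP
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# HTTPS
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Default policy: drop everything not accepted above
iptables -P FORWARD DROP
iptables -P INPUT DROP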

Now you want to make your firewall settings persist between restarts:

apt-get install netfilter-persistent iptables-persistent
service netfilter-persistent save

6. Disable root login.

To make attack attempts harder to succeed, you want to disable root login to your server. This way not only your password has to be guessed, but the login name as well. Doing that is much harder than guessing/bruteforcing just a password.

To do it, you need to modify the SSH config file, using a text editor of your choice.

Open /etc/ssh/sshd_config and change the following line:

PermitRootLogin yes

to

PermitRootLogin no
AllowUsers <username>
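
Before the reboot in step 7, it is worth confirming that the settings from steps 5 and 6 will still let you in. The script below is an added example, not part of the original guide: it checks the output of sshd -T and iptables -S for the expected settings. The username alice and the sample output are constructed placeholders.

```sh
#!/bin/sh
# Pre-reboot lockout check for steps 5 and 6 (added example).
# Both functions read command output on stdin. On the server, as root:
#   sshd -t                          # syntax check of sshd_config
#   sshd -T | sshd_ok alice          # effective sshd settings
#   iptables -S | port_open 22       # active firewall rules

# sshd_ok USER: succeeds when the effective config (lowercase keyword, then
# value, as printed by `sshd -T`) has "permitrootlogin no" and lists USER
# under allowusers. Exact names only; user@host and wildcard patterns are
# not interpreted.
sshd_ok() {
    awk -v user="$1" '
        $1 == "permitrootlogin" { root = $2 }
        $1 == "allowusers" { for (i = 2; i <= NF; i++) if ($i == user) ok = 1 }
        END { exit !(root == "no" && ok) }'
}

# port_open PORT: succeeds when `iptables -S` output contains an INPUT rule
# that accepts TCP traffic to PORT.
port_open() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport" && $(i + 1) == port) ok = 1
        }
        END { exit !ok }'
}

# Constructed sample output; "alice" is a placeholder username.
SAMPLE_SSHD='port 22
permitrootlogin no
allowusers alice'
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'

if printf '%s\n' "$SAMPLE_SSHD" | sshd_ok alice &&
   printf '%s\n' "$SAMPLE_RULES" | port_open 22; then
    echo "OK: safe to reboot"
else
    echo "STOP: fix sshd_config or the firewall before rebooting" >&2
fi
```

Keep your current root session open while you test a second SSH login as the new user, so you can still correct the configuration if the check or the login fails.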

7. Done

Now you want to reboot your machine.

reboot

Next time you log in through SSH, use the username you created.

Hopefully, this short guide was helpful to you.


