A month ago, I migrated my blog to a DigitalOcean VPS. Originally, I was considering using CentOS, but if I use Ubuntu Server, I can get a $20 credit, while CentOS only offers $10. So, I decided to use Ubuntu 12.04 as the system for my VPS. After SSHing into the system, I could see that DigitalOcean had already strengthened the system, so I could skip some security configurations. However, basic security configurations still need to be done. Here are the steps for my Ubuntu VPS system security configuration for your reference.
I installed LAMP + VSFTP as the WordPress service program and also enabled PPTP service for VPN bypassing.
- Change the root password. I don't need to explain the reason, right? The first step after SSHing into the system.
passwd
- Create a new user to replace the role of root. In most cases, you don't need to use root. When needed, use sudo.
# Set the username as lidaren
# Create the main group first; useradd -g fails if the group does not exist yet
groupadd lidaren
# Add the user with the home directory as /home/lidaren, shell as bash, main user group as lidaren, and additional groups as sudo, adm, root. Usually, setting the additional group as sudo is enough.
useradd -d /home/lidaren -m -s /bin/bash -g lidaren -G sudo,adm,root lidaren
passwd lidaren # Set the user password
- Modify the SSH configuration by editing the /etc/ssh/sshd_config file and disable root access.
# Change the port to any port except 22
Port 60022
# Disable root user from logging in via SSH
PermitRootLogin no
# Disable users from logging in with empty passwords
PermitEmptyPasswords no
# Limit the number of login retries after failed attempts
MaxAuthTries 3
# Restrict the users who can log in
AllowUsers lidaren
After making the changes, reload or restart sshd (on Ubuntu the init script is named ssh):
/etc/init.d/ssh reload
or
/etc/init.d/ssh restart
Log out and log in again as the newly created user.
- Finally, before leaving, remember to execute the following commands:
rm /root/.bash_history
rm /root/.mysql_history
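To confirm that the sshd_config edits from the SSH step are the values sshd will actually use, the following added example (not part of the original post) audits a config file against those five settings. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. sshd keeps the FIRST value it
# reads for a keyword and matches keywords case-insensitively; settings inside
# a Match block are conditional, so only the global section is audited.

# effective_value FILE KEYWORD DEFAULT -> value the global section yields
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # comment line
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0; found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

fail() { echo "FAIL $1"; rc=1; }

# audit_sshd_config FILE -> one FAIL line per deviation from the post's
# settings; exit status 0 if there are none, 1 otherwise
audit_sshd_config() {
    rc=0
    [ "$(effective_value "$1" Port 22)" != 22 ] || fail "Port is still 22"
    v=$(effective_value "$1" PermitRootLogin unset)
    [ "$v" = no ] || fail "PermitRootLogin is $v"
    v=$(effective_value "$1" PermitEmptyPasswords no)
    [ "$v" = no ] || fail "PermitEmptyPasswords is $v"
    v=$(effective_value "$1" MaxAuthTries 6)
    [ "$v" -le 3 ] 2>/dev/null || fail "MaxAuthTries is $v"
    [ -n "$(effective_value "$1" AllowUsers "")" ] || fail "AllowUsers is not set"
    return "$rc"
}

# Constructed sample (not a real host): the second PermitRootLogin line is
# shadowed by the first, and MaxAuthTries only applies inside the Match block.
sample_weak() { cat <<'EOF'
Port 22
PermitRootLogin yes
# PermitEmptyPasswords yes
permitrootlogin no
Match Address 10.0.0.0/8
    MaxAuthTries 3
EOF
}

tmp=$(mktemp) && sample_weak > "$tmp"
audit_sshd_config "$tmp" || echo "=> not hardened yet"
rm -f "$tmp"
```

On a live host, `sshd -t` checks the file for syntax errors before a reload, and `sshd -T` prints the effective configuration.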