李大仁博客

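Vast as heaven and earth are, anyone who holds to a single thought of goodness and keeps conscience at heart, though an ordinary person, can become a sage.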

[Linux] Several security configurations for Ubuntu VPS servers

title: "Several Security Configurations for Ubuntu VPS Servers [Linux]"
date: "2013-08-29"
categories:
  • "system management"
tags:
  • "centos"
  • "linux"
  • "ubuntu"

A month ago, I migrated my blog to a DigitalOcean VPS. Originally, I was considering using CentOS, but since Ubuntu Server offered a $20 credit compared to CentOS's $10 credit, I decided to use Ubuntu 12.04 as the VPS system. After logging in via SSH, I noticed that DigitalOcean had already strengthened the system, so some security configurations could be omitted. However, basic security configurations still need to be done. Below are the steps I took to configure the security of my Ubuntu VPS system, for your reference.

I installed LAMP+VSFTP as the WordPress service program and also enabled PPTP service for VPN bypassing.

  1. After logging in to the system via SSH, change the root password. I don't think the reason for this step needs explaining.

passwd

  2. Create a new user to replace the root role. In most cases, there is no need to use the root user. When necessary, use sudo instead.

Assuming the username is lidaren

Add the user with the home directory as /home/lidaren, shell as bash, main user group as lidaren, and additional groups as sudo, adm, and root. Usually, setting the additional group as sudo is sufficient.

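# -U creates the group lidaren as the user's primary group (-g lidaren fails unless that group already exists)
useradd -d /home/lidaren -m -s /bin/bash -U -G sudo,adm,root lidaren
passwd lidaren # Set the user password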

  3. Modify the SSH configuration by editing the /etc/ssh/sshd_config file and disabling root access.

Change the port to any number except 22

Port 60022

Disable root user from logging in via SSH

PermitRootLogin no

Disable users from logging in with empty passwords

PermitEmptyPasswords no

Limit the number of login retries after failure

MaxAuthTries 3

Restrict the users allowed to log in

AllowUsers lidaren

After making the changes, reload or restart sshd.

# On Ubuntu the init script is named ssh (sshd is the name used on CentOS)
/etc/init.d/ssh reload
or
/etc/init.d/ssh restart

Log out and log in using the newly created user.
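
As an added example (not part of the original post): a shell check to run against the edited sshd_config before reloading, confirming that the settings from step 3 are the ones sshd will actually use. The function names are hypothetical, the sample file is constructed, and the check assumes whitespace-separated keywords, a single AllowUsers line and no Include files.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the settings from step 3.

# Print the global value of keyword $2 in sshd_config file $1.
sshd_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/   { next }    # skip blank lines and comments
        tolower($1) == "match" { exit }    # global section ends at the first Match block
        tolower($1) == tolower(key) {      # keywords are case-insensitive
            $1 = ""; sub(/^ +/, ""); print
            exit                           # sshd uses the first value it reads
        }' "$1"
}

# Audit file $1 for login user $2. Prints one FAIL line per problem;
# exit status is 0 only when every check passes.
audit_sshd_config() (
    file=$1 user=$2 fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    v=$(sshd_value "$file" Port)                  # unset means the default, 22
    [ "${v:-22}" != 22 ] || fail "Port is still 22"
    v=$(sshd_value "$file" PermitRootLogin)       # must be set explicitly to no
    [ "$v" = no ] || fail "PermitRootLogin is '${v:-unset}', expected 'no'"
    v=$(sshd_value "$file" PermitEmptyPasswords)  # unset means the default, no
    [ "${v:-no}" = no ] || fail "PermitEmptyPasswords is '$v'"
    v=$(sshd_value "$file" MaxAuthTries)          # unset means the default, 6
    [ "${v:-6}" -le 3 ] 2>/dev/null || fail "MaxAuthTries is '${v:-6}', expected <= 3"
    v=$(sshd_value "$file" AllowUsers)
    case " $v " in
        *" $user "*) ;;
        *) fail "AllowUsers does not list '$user'" ;;
    esac
    [ "$fails" -eq 0 ]
)

# Constructed sample: the later "permitrootlogin no" is ignored because
# the earlier "PermitRootLogin yes" was read first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not from a real server
port 60022
PermitRootLogin yes
permitrootlogin no
MaxAuthTries 3
AllowUsers lidaren
EOF
audit_sshd_config "$sample" lidaren || echo "fix the config before reloading sshd"
```

On the server itself, `sshd -t` also checks the file's syntax, and keeping the current session open until a login as the new user succeeds avoids locking yourself out.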

  4. Finally, before leaving, remember to execute the following commands:

# -f: do not report an error if a history file does not exist
rm -f /root/.bash_history
rm -f /root/.mysql_history
