李大仁博客

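Vast as heaven and earth are, anyone who holds a single thought toward goodness and keeps conscience at heart, even an ordinary person, can become a sage.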

[Linux] Several Security Configurations for Ubuntu VPS Servers

A month ago, I migrated my blog to a DigitalOcean VPS. Originally, I was considering CentOS, but Ubuntu Server came with a $20 credit while CentOS only offered $10, so I decided to use Ubuntu 12.04 as the system for my VPS. After SSHing into the system, I could see that DigitalOcean had already hardened it, so I could skip some security configuration. However, the basic security configuration still needs to be done. Here are the steps I used to secure my Ubuntu VPS, for your reference.

I installed LAMP + VSFTP to serve WordPress and also enabled a PPTP service for VPN access.

  1. Change the root password. The reason needs no explanation; do this as the first step after SSHing into the system.

passwd

  2. Create a new user to take over the role of root. In most cases you don't need root; when you do, use sudo.

Set the username to lidaren.

Add the user with the home directory /home/lidaren, bash as the shell, lidaren as the primary group, and sudo, adm, root as additional groups. Usually, sudo alone is enough as the additional group.

groupadd lidaren # Create the primary group first; useradd -g fails if it does not exist
useradd -d /home/lidaren -m -s /bin/bash -g lidaren -G sudo,adm,root lidaren
passwd lidaren # Set the user password

  3. Modify the SSH configuration by editing the /etc/ssh/sshd_config file, starting with the listening port and root access.

Change the port to any port other than 22:

Port 60022

Prevent the root user from logging in via SSH:

PermitRootLogin no

Prevent users from logging in with empty passwords:

PermitEmptyPasswords no

Limit the number of authentication attempts allowed per connection:

MaxAuthTries 3

Restrict which users can log in:

AllowUsers lidaren

After making the changes, reload or restart sshd (on Ubuntu the init script is named ssh):

/etc/init.d/ssh reload
or
/etc/init.d/ssh restart

Log out and log in as the newly created user.

  4. Finally, before leaving, remember to execute the following commands:

rm /root/.bash_history
rm /root/.mysql_history
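
As an added example (not part of the original post), this shell function checks an sshd_config against the settings listed above before sshd is reloaded. The function names, the sample config and its backup user are constructed for illustration; it reads only the global section (it stops at the first Match block) and assumes the OpenSSH defaults Port 22, MaxAuthTries 6 and PermitEmptyPasswords no for unset keywords.

```shell
#!/bin/sh
# Added example (not from the original post): audit sshd_config settings.
# Usage: audit_sshd_config [FILE]   (reads stdin when FILE is omitted)
# Prints PASS/FAIL per check; the return status is the number of FAILs.
audit_sshd_config() {
    awk '
    function check(ok, msg) { printf "%s  %s\n", (ok ? "PASS" : "FAIL"), msg; if (!ok) fails++ }
    NF == 0 || $1 ~ /^#/ { next }             # skip blank lines and comments
    { key = tolower($1) }                     # keywords are case-insensitive
    key == "match" { exit }                   # audit the global section only
    key == "port" { ports = ports " " $2; next }    # Port may be repeated
    key == "allowusers" { for (i = 2; i <= NF; i++) users = users " " $i; next }
    !(key in val) { val[key] = tolower($2) }  # sshd keeps the first value it reads
    END {
        rootlogin = ("permitrootlogin" in val) ? val["permitrootlogin"] : "(unset)"
        empty = ("permitemptypasswords" in val) ? val["permitemptypasswords"] : "no"
        tries = ("maxauthtries" in val) ? val["maxauthtries"] + 0 : 6
        check(ports != "" && (ports " ") !~ " 22 ", "Port avoids 22:" (ports == "" ? " (unset)" : ports))
        check(rootlogin == "no", "PermitRootLogin no: " rootlogin)
        check(empty == "no", "PermitEmptyPasswords no: " empty)
        check(tries >= 1 && tries <= 3, "MaxAuthTries <= 3: " tries)
        check(users != "", "AllowUsers set:" (users == "" ? " (unset)" : users))
        exit fails + 0
    }' "$@"
}

# Constructed sample input: port 22 still open, a later "PermitRootLogin no"
# that is ignored because "yes" came first, and AllowUsers only inside Match.
sample_config() {
    cat <<'EOF'
Port 22
Port 60022
PermitRootLogin yes
permitrootlogin no
MaxAuthTries 6
Match User backup
    AllowUsers backup
EOF
}

sample_config | audit_sshd_config || echo "$? check(s) failed"
```

Run it as `audit_sshd_config /etc/ssh/sshd_config` after editing and before reloading; a status of 0 means every check passed.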
