Knowledgebase

Essential Server Security Hardening for Ubuntu

A few basic steps dramatically reduce your server’s attack surface. Apply these right after provisioning.

1. Keep the system updated

sudo apt update && sudo apt upgrade -y

2. Create a non-root user with sudo

sudo adduser deploy
sudo usermod -aG sudo deploy

3. Configure the firewall (UFW)

sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status

4. Harden SSH

Edit /etc/ssh/sshd_config and set:

PermitRootLogin no
PasswordAuthentication no   # after adding your SSH key
sudo systemctl restart ssh

5. Install Fail2ban

sudo apt install -y fail2ban
sudo systemctl enable --now fail2ban

Also use SSH keys instead of passwords, and enable automatic security updates with sudo apt install unattended-upgrades.

Was this answer helpful?

0 Users Found This Useful

Powered by WHMCompleteSolution