Increasing the Security of Ubuntu Linux 12.04 LTS Server

When you first setup a VPS it’s all too easy to get tied up into believing you have the security of your system all covered. In-fact it is necessary to take extra care in ensuring your VPS is safe from hackers or potential security breaches.

The steps shown below are a good way to secure your Linux server, however there is an extensive list of ways to harden the security of your server at TheFanClub.

Why you should be securing your server provided by your VPS Provider? Firstly, when you signed up to an account with your VPS you provided a password for your root account. This password is stored somewhere in your provider’s database. The point here is your VPSs’ password would be stored in your provider’s database, available to any hacker or system that compromises your provider’s database.

Changing your root password

Assumed you are already logged in via SSH to your VPS use the following command to change your root password.

passwd

You will then be prompted to enter a new password.

Create a secondary Administration account

Use the following command to create a secondary administration account.

useradd <YourNewAdminUsername>

passwd <YourNewAdminUsername>

Now we need to add that username to the administration group of Linux users on your system.

sudo groupadd admin
sudo usermod -a -G admin <YourNewAdminUsername>
sudo dpkg-statoverride –update –add root admin 4750 /bin/su

Change SSH port and Disable Root Login

**** Important create a secondary administrator account first ****

SSH is already one of the most secure ways to connect to a Linux box. However by disabling root login and only allowing a secondary administration account to login will add a whole new dimension to your server’s security. For example the hacker or system would now need to determine the other administrator’s username to login into the system as well as their password.

sudo vi /etc/ssh/sshd_config

Change or add the following and save

Port <ENTER YOUR PORT>
Protocol 2
PermitRootLogin no
DebianBanner no

Restart SSH

sudo /etc/init.d/ssh restart

More ways to secure your system

This guide should have pointed you in the right direction in taking the necessary steps to secure your Linux system. For more options in securing your system go to thefanclub.co.za.