Security for personal Linux servers

31 May

A few days ago I used a Raspberry Pi 2 as a toy server. Yesterday I noticed that it had already received 72,000 failed SSH logins, which prompted me to search for some Linux security tips. The site I would recommend is the ubuntu hardening guide. Below is a summary of what I learned (from reading that site and other pages).

0. sudo apt-get update && sudo apt-get dist-upgrade (also remember to set up automatic updates).

This keeps your server updated (and hence less vulnerable to known bugs).

1. Set up a firewall to allow only the ports (like ssh/22, http/80, https/443) that you plan to use, and put a rate limit on the SSH port.

a) sudo ufw allow ssh

b) sudo ufw limit ssh/tcp

2. Install fail2ban to ban an IP if there are too many failed logins from it in a short time.

3. Disable SSH login via password and always use SSH login via keys (detail), and only allow certain users to log in via SSH. A poor SSH password is a big risk. SSH login via key, on the other hand, is much safer: it is much harder (if not impossible) to brute-force SSH keys.

4. Remove unneeded packages and/or disable unneeded services: these packages or services might hide security bugs.

5. Lock some routine users (like root, irc, ..) and/or make them unable to log in (here).

6. Monitor the server and read the ubuntu hardening guide.
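A check for the SSH settings in steps 3 and 5, added here as an example and not taken from the original post or the linked guide: it reads an sshd_config file and reports whether password logins are off, root login is off, and an AllowUsers list is set. The function names and the sample configuration are constructed for illustration, and only the global section of the file is evaluated (no Include files, no Match blocks).

```shell
#!/bin/sh
# Added example: audit an sshd_config file for the settings in steps 3 and 5.
# Assumption: only the global section is read; Include files are not followed.

# Print the global value of KEYWORD in FILE, or DEFAULT when it is not set.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" apply only conditionally.
sshd_value() {  # usage: sshd_value KEYWORD DEFAULT FILE
  awk -v key="$1" -v def="$2" '
    BEGIN { key = tolower(key); val = def }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    tolower($1) == "match" { exit }          # end of the global section
    tolower($1) == key { $1 = ""; sub(/^ +/, ""); val = $0; exit }
    END { print val }
  ' "$3"
}

# Print one line per check and return the number of failed checks.
audit_sshd() {  # usage: audit_sshd FILE
  fails=0
  v=$(sshd_value PasswordAuthentication yes "$1")         # sshd default: yes
  if [ "$v" = no ]; then echo "ok   PasswordAuthentication no"
  else echo "FAIL PasswordAuthentication $v (password logins allowed)"; fails=$((fails + 1)); fi
  v=$(sshd_value PermitRootLogin prohibit-password "$1")  # sshd default
  if [ "$v" = no ]; then echo "ok   PermitRootLogin no"
  else echo "FAIL PermitRootLogin $v (root can still log in)"; fails=$((fails + 1)); fi
  v=$(sshd_value AllowUsers "" "$1")                      # unset by default
  if [ -n "$v" ]; then echo "ok   AllowUsers $v"
  else echo "FAIL AllowUsers unset (no global user allow-list)"; fails=$((fails + 1)); fi
  return "$fails"
}

# Constructed sample: the first PasswordAuthentication line wins, so the later
# "no" has no effect, and the AllowUsers line only applies inside the Match block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config for this example
PasswordAuthentication yes
PermitRootLogin no
passwordauthentication no
Match User backup
    AllowUsers backup
EOF
audit_sshd "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```

On a live server, `sudo sshd -T` prints the effective configuration, including defaults and Include files, and is the better source for the values to check.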
