Securing the Server - n05urpr1532-MHA-Team/PTS-Team GitHub Wiki

.

Do NOT FORGET SECURITY BASICS 101

Page Table of Contents

In this section, we will discuss the following steps:

Root Password

First thing to do if you were given a root password from you Server/VPS provider (especially via email) is to change it, please type:-

passwd

NOTE: My system is a mix of German and English, will update images later to English!

Type your chosen password twice (don't worry if you do not see the cursor move, it's meant to stay blank for security reasons) and you should see something like this:-

SUDO user account

Next we want to create a SUDO user account as it's not a good idea to access and run everything with root!

Remember to change YOUR-USERNAME to whatever you want

useradd -m -d /home/YOUR-USERNAME YOUR-USERNAME
usermod -aG sudo YOUR-USERNAME

Here we create a password for your new user (ideally different from your root password)

passwd YOUR-USERNAME
su YOUR-USERNAME
sudo usermod -s /bin/bash YOUR-USERNAME
### Switch to new user home folder ###
cd ~

Example to compare against:-

To exit out of your new user or ssh you can type exit and to change user just type su YOUR-USERNAME

PlexGuide Install

Now we need to install PTS so that Fail2Ban and UFW are installed automatically. NOTE: This step can be skipped if you have already installed PlexGuide

CLICK HERE for methods and come back after you've installed it using the plexguide command.

You're nearly done, 3 more important steps to take!

Fail2Ban

CLICK HERE to set up the Fail2Ban Ban Hammer and come back afterwards.

UFW

UFW is your firewall, we'll just show you the minimum steps needed to protect your Server

sudo ufw status verbose
sudo ufw default allow outgoing
sudo ufw default deny incoming

Make sure to allow ssh or you will not be able to login!

sudo ufw allow ssh
sudo ufw enable

Plenty more info out there if you want to make your server even more secure!

Here are two you can have a read of:-

Reference 1: https://www.cyberciti.biz/faq/howto-configure-setup-firewall-with-ufw-on-ubuntu-linux/

Reference 2: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-14-04

Reboot your Server and login using your new user account as we will switch off root access in the next step!

sudo reboot

SSH Root Access

Finally, we should block root login via ssh as this is what bots tend to hack first!

sudo nano /etc/ssh/sshd_config

Look for PermitRootLogin yes and change the yes to no like this:-

Now to activate it we need to restart the ssh service with:-

sudo service ssh restart

SSH Key Method

- Please feel free to complete this for us!

For further reading check out the following:-

Info on securing servers via this blog: https://blog.devolutions.net/2017/4/10-steps-to-secure-open-ssh

Digital Ocean advice: https://www.digitalocean.com/community/tutorials/7-security-measures-to-protect-your-servers

Visit our Website By Click the Picture Below! N|Demo

N|Solid N|Solid

Wiki - Wiki

⚠️ **GitHub.com Fallback** ⚠️