Basic Server Protection

Wednesday, 28 January, 2015

Basic server protection suggestions that will enhance the security of your server. The more you can implement, the more secure your server will be. We’ve implemented them on Ubuntu, but they apply to most other Linux-based operating systems.

I would like to emphasize one thing:

USE SECURE PASSWORDS!

There are countless password generators online so use one to create a password which will include a mixture of upper and lower case letters, numbers, and symbols.

Now let’s get back to the important issues:

However secure your sites may be, if they are on a poorly configured server you may as well not even bother.

There are many tutorials on the Internet for configuring servers, and 90% of them explain the basics. This is OK, but if you want extra security you will have to make the effort.

Here are some suggestions that are easy to implement. Each of these steps will enhance the security of your server (the more you can implement, the more secure your server will be). We’ve implemented these steps on Ubuntu, but they apply to most other Linux-based operating systems.

1. Disable Root Login

2. Change SSH port

3. Block countries which you do not want to visit your server / web site

4. Install fail2ban

Default jails are installed automatically, but we need to set up our own:

Paste:

Now for every jail configuration:

Add the missing ignoreregex line in the postfix-sasl file:

Note: This configuration is based on an ISPConfig Ubuntu setup.
If you have a different configuration, be sure you are using the correct log file in logpath.

Open /etc/fail2ban/jail.conf:

Find action = %(action_)s and replace with:

Also find destemail and replace root@localhost with your email.

And finally, restart fail2ban:
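The edits from step 4 can be checked before or after that restart. The script below is an added example, not part of the original post: it warns when the action is still the ban-only default `%(action_)s`, when `destemail` is still `root@localhost`, when the filter file has no `ignoreregex` line, or when the jail's `logpath` points to a file that does not exist. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit the fail2ban settings step 4 edits.

# Print KEY's value inside [SECTION] of an INI-style file; status 1 if the key is absent.
f2b_value() {  # usage: f2b_value FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                               # comment line
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }  # section header
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val; exit !found }' "$1"
}

# Print one WARN line per finding; status 0 only when there are none.
audit_fail2ban() {  # usage: audit_fail2ban JAIL_FILE JAIL_NAME FILTER_FILE
    n=0
    warn() { echo "WARN: $*"; n=$((n + 1)); }
    [ "$(f2b_value "$1" DEFAULT action)" = '%(action_)s' ] &&
        warn "[DEFAULT] action is %(action_)s: bans are applied but no mail is sent"
    [ "$(f2b_value "$1" DEFAULT destemail)" = 'root@localhost' ] &&
        warn "destemail is still root@localhost"
    f2b_value "$3" Definition ignoreregex >/dev/null ||
        warn "$3 has no ignoreregex line in [Definition]"
    log=$(f2b_value "$1" "$2" logpath) || warn "jail [$2] sets no logpath"
    case $log in /*) [ -e "$log" ] || warn "logpath $log does not exist" ;; esac
    [ "$n" -eq 0 ]
}

# Constructed sample files (not real server configuration) with the defaults left in place.
tmp=$(mktemp -d)
printf '%s\n' '[DEFAULT]' 'destemail = root@localhost' 'action = %(action_)s' \
    '[postfix-sasl]' 'enabled = true' 'logpath = /var/log/mail.log' > "$tmp/jail.conf"
printf '%s\n' '[Definition]' 'failregex = authentication failed' > "$tmp/postfix-sasl.conf"
audit_fail2ban "$tmp/jail.conf" postfix-sasl "$tmp/postfix-sasl.conf" ||
    echo "review the findings above"
rm -rf "$tmp"
```

On a real server, pass the jail file you edited, the jail name, and the matching file under /etc/fail2ban/filter.d/.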


5. Other

Jailroot FTP accounts, use Jailkit on SSH, and configure MySQL to listen only on localhost (if you can). I would like to add that most attacks come from botnets and script kiddies.

Sebastijan Placento
