Securing your server is important, we’ll discuss it in this article why?, but lets begin securing your server right now, with these, quick and small steps towards a secured server.
Before we begin, make sure:
1.You have root access to the Linux server
2.You are running either Ubuntu 10.04 LTS or above or a Debian variant.
Checklist
1.Reduce the attack surface
a.Start with a mini distro and add software on top of it.
# tasksel install openssh-server
# tasksel install lamp-server
b.See which processes are listening on the external IP address
# netstat –nltup -4
c.Stop or remove services from running or booting up
# /etc/init.d/<service name> stop
# update-rc.d <service name> remove
d.Stop services from listening on external IP address
bind-address=127.0.0.1
2.Patch and Update your server
# apt-get update && apt-get upgrade
3.Secure your access with SSH
a.Remove Root Login
b.Ideally use public keys with passphrases
c. Add another directive in /etc/sshd_config
d.AllowUsers <user@host>
4. Secure Apache Web server
a.In /etc/apache2/conf.d/security
b.Uncomment line number 27 ServerTokens Prod
c.Uncomment line number 39 ServerSignature Off
d.Keep file owner as the user which uploads and group as www-data
5. Secure MySQL if database server and web server are on the same host
a. In /etc/mysql/my.cnf
b.bind-address=127.0.0.1
c.Execute following command
# mysql_secure_installation
d. Create a new user for each new database and only give access to the following
e.SELECT, INSERT, UPDATE, DELETE, ALTER, CREATE
f.Specify the host where the user can login from. Ideally this should be localhost and never ‘%’
6. Enable Uncomplicated Firewall
a. ufw allow
b.ufw allow <Ports you want>
c. ufw default deny
d.ufw allow from <external IP> to <current host IP> port 3306
Categories: KnowledgebaseTutorials
0 Comments