{"id":696,"date":"2016-10-11T05:50:03","date_gmt":"2016-10-11T02:50:03","guid":{"rendered":"https:\/\/community.virtono.com\/?p=696"},"modified":"2017-02-21T12:44:58","modified_gmt":"2017-02-21T10:44:58","slug":"securing-linux-web-server","status":"publish","type":"post","link":"https:\/\/www.virtono.com\/community\/tutorial-how-to\/securing-linux-web-server\/","title":{"rendered":"Securing Ubuntu or Debian Linux Web Server"},"content":{"rendered":"<p>Securing your server is important, we&#8217;ll discuss it in this article why?, but lets begin securing your server right now, with these, quick and small steps towards a secured server.<br \/>\n<strong>Before we begin, make sure:<\/strong><br \/>\n1.You have root access to the Linux server<br \/>\n2.You are running either Ubuntu 10.04 LTS or above or a Debian variant.<br \/>\n<strong>Checklist<\/strong><br \/>\n<strong> 1.Reduce the attack surface<\/strong><br \/>\na.Start with a mini distro and add software on top of it.<br \/>\n# tasksel install openssh-server<br \/>\n# tasksel install lamp-server<br \/>\nb.See which processes are listening on the external IP address<br \/>\n# netstat \u2013nltup -4<br \/>\nc.Stop or remove services from running or booting up<br \/>\n# \/etc\/init.d\/&lt;service name&gt; stop<br \/>\n# update-rc.d &lt;service name&gt; remove<br \/>\nd.Stop services from listening on external IP address<br \/>\nbind-address=127.0.0.1<br \/>\n<strong> 2.Patch and Update your server<\/strong><br \/>\n# apt-get update &amp;&amp; apt-get upgrade<br \/>\n<strong> 3.Secure your access with SSH<\/strong><br \/>\na.Remove Root Login<br \/>\nb.Ideally use public keys with passphrases<br \/>\nc. Add another directive in \/etc\/sshd_config<br \/>\nd.AllowUsers &lt;user@host&gt;<br \/>\n<strong> 4. Secure Apache Web server<\/strong><br \/>\na.In \/etc\/apache2\/conf.d\/security<br \/>\nb.Uncomment line number 27 ServerTokens Prod<br \/>\nc.Uncomment line number 39 ServerSignature Off<br \/>\nd.Keep file owner as the user which uploads and group as www-data<br \/>\n<strong> 5. Secure MySQL if database server and web server are on the same host<\/strong><br \/>\na. In \/etc\/mysql\/my.cnf<br \/>\nb.bind-address=127.0.0.1<br \/>\nc.Execute following command<br \/>\n# mysql_secure_installation<br \/>\nd. Create a new user for each new database and only give access to the following<br \/>\ne.SELECT, INSERT, UPDATE, DELETE, ALTER, CREATE<br \/>\nf.Specify the host where the user can login from. Ideally this should be localhost and never \u2018%\u2019<br \/>\n<strong> 6. Enable Uncomplicated Firewall<\/strong><br \/>\na. ufw allow<br \/>\nb.ufw allow &lt;Ports you want&gt;<br \/>\nc. ufw default deny<br \/>\nd.ufw allow from &lt;external IP&gt; to &lt;current host IP&gt; port 3306<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Securing your server is important, we&#8217;ll discuss it in this article why?, but lets begin securing your server right now, with these, quick and small steps towards a secured server. Before we begin, make sure: 1.You have root access to the Linux server 2.You are running either Ubuntu 10.04 LTS<\/p>\n","protected":false},"author":3,"featured_media":701,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[5,3],"tags":[],"class_list":["post-696","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase","category-tutorial-how-to"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/10\/tux_virus.png?fit=298%2C320&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7ISfL-be","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":3191,"url":"https:\/\/www.virtono.com\/community\/tutorial-how-to\/how-to-install-postfix-on-linux\/","url_meta":{"origin":696,"position":0},"title":"How to install Postfix on Linux","author":"George B.","date":"April 8, 2023","format":false,"excerpt":"Install Postfix on CentOS 7 To install Postfix on CentOS 7, follow these steps: Open a terminal or login to your server via SSH as a root user. Update your system packages by running the following command: yum update Install Postfix using the following command: yum install postfix Start the\u2026","rel":"","context":"In &quot;Tutorials&quot;","block_context":{"text":"Tutorials","link":"https:\/\/www.virtono.com\/community\/category\/tutorial-how-to\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2023\/04\/How-to-install-Postfix-on-Linux.png?fit=600%2C330&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2023\/04\/How-to-install-Postfix-on-Linux.png?fit=600%2C330&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2023\/04\/How-to-install-Postfix-on-Linux.png?fit=600%2C330&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":724,"url":"https:\/\/www.virtono.com\/community\/news-announcements\/how-to-protect-your-server-against-the-dirty-cow-linux-vulnerability\/","url_meta":{"origin":696,"position":1},"title":"How To Protect Your Server Against the Dirty COW Linux Vulnerability","author":"Virtono","date":"October 25, 2016","format":false,"excerpt":"Introduction : On October 19, 2016, a privilege escalation vulnerability in the Linux kernel was disclosed. The bug is nicknamed Dirty COW because the underlying issue was a race condition in the way kernel handles copy-on-write (COW). Dirty COW has existed for a long time at least since 2007, with\u2026","rel":"","context":"In &quot;Announcements&quot;","block_context":{"text":"Announcements","link":"https:\/\/www.virtono.com\/community\/category\/news-announcements\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/IMG_2035.jpg?fit=1200%2C900&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/IMG_2035.jpg?fit=1200%2C900&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/IMG_2035.jpg?fit=1200%2C900&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/IMG_2035.jpg?fit=1200%2C900&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/IMG_2035.jpg?fit=1200%2C900&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":2976,"url":"https:\/\/www.virtono.com\/community\/tutorial-how-to\/setup-linux-apache-mysql-phplamp-ubuntu-20-04\/","url_meta":{"origin":696,"position":2},"title":"Setup Linux Apache MySQL PHP(LAMP) &#8211; Ubuntu 20.04","author":"George B.","date":"August 5, 2022","format":false,"excerpt":"What is LAMP? LAMP (Linux, Apache, MySQL, PHP\/Perl\/Python) is an acronym that refers to one of the most widely used software stacks for many of the web's most popular applications. Step 1 - Update\/Upgrade your package index sudo apt update sudo apt upgrade Step 2 - Install Apache apt-get install\u2026","rel":"","context":"In &quot;Tutorials&quot;","block_context":{"text":"Tutorials","link":"https:\/\/www.virtono.com\/community\/category\/tutorial-how-to\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2022\/08\/lamp_stack.webp?fit=800%2C432&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2022\/08\/lamp_stack.webp?fit=800%2C432&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2022\/08\/lamp_stack.webp?fit=800%2C432&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2022\/08\/lamp_stack.webp?fit=800%2C432&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":3507,"url":"https:\/\/www.virtono.com\/community\/tutorial-how-to\/how-to-install-lemp-stack-linux-nginx-mysql-and-php-on-ubuntu-22-04\/","url_meta":{"origin":696,"position":3},"title":"How to install LEMP stack (Linux, Nginx, MySQL, and PHP) on Ubuntu 22.04","author":"George B.","date":"June 20, 2023","format":false,"excerpt":"Introduction The LEMP stack is a popular software stack for web development and hosting. It includes four major components: Linux, Nginx, MySQL, and PHP. Each component serves a specific purpose in powering dynamic websites and web applications. Linux is the operating system that serves as the LEMP stack's foundation. In\u2026","rel":"","context":"In &quot;Tutorials&quot;","block_context":{"text":"Tutorials","link":"https:\/\/www.virtono.com\/community\/category\/tutorial-how-to\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2023\/06\/How-to-install-LEMP-stack-Linux-Nginx-MySQL-PHP-on-Ubuntu-22-04.png?fit=600%2C330&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2023\/06\/How-to-install-LEMP-stack-Linux-Nginx-MySQL-PHP-on-Ubuntu-22-04.png?fit=600%2C330&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2023\/06\/How-to-install-LEMP-stack-Linux-Nginx-MySQL-PHP-on-Ubuntu-22-04.png?fit=600%2C330&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":2836,"url":"https:\/\/www.virtono.com\/community\/tutorial-how-to\/how-to-install-plesk-on-ubuntu-20-04\/","url_meta":{"origin":696,"position":4},"title":"How to Install Plesk on Ubuntu 20.04","author":"George B.","date":"July 18, 2022","format":false,"excerpt":"What is Plesk? Plesk is a commercial web hosting and server data center automation software developed for Linux and Windows-based retail hosting service providers. Plesk Minimum Requirements The minimum amount of RAM required for installing and running Plesk on Linux is 1 GB + 1 GB swap. On Windows \u2013\u2026","rel":"","context":"In &quot;Tutorials&quot;","block_context":{"text":"Tutorials","link":"https:\/\/www.virtono.com\/community\/category\/tutorial-how-to\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2022\/07\/1200px-Logo_Plesk.svg_.png?fit=1200%2C1200&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2022\/07\/1200px-Logo_Plesk.svg_.png?fit=1200%2C1200&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2022\/07\/1200px-Logo_Plesk.svg_.png?fit=1200%2C1200&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2022\/07\/1200px-Logo_Plesk.svg_.png?fit=1200%2C1200&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2022\/07\/1200px-Logo_Plesk.svg_.png?fit=1200%2C1200&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":147,"url":"https:\/\/www.virtono.com\/community\/tutorial-how-to\/how-to-install-and-run-apache-web-server-on-ubuntu-linux-os\/","url_meta":{"origin":696,"position":5},"title":"How to Install and Run Apache Web Server on Linux OS","author":"Daniel Draga","date":"July 23, 2016","format":false,"excerpt":"This article is part of series of articles on Apache. Here is the list: Introduction to Apache Web Server. Difference between Apache http and Apache Tomcat. How to Install and Run Apache Web Server on Ubuntu Linux.(this one) How to Install and Run Apache Web Server on Windows 10. Original\u2026","rel":"","context":"In &quot;Tutorials&quot;","block_context":{"text":"Tutorials","link":"https:\/\/www.virtono.com\/community\/category\/tutorial-how-to\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/CfXJWnZUsAACtrg2.png?fit=470%2C245&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/696","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/comments?post=696"}],"version-history":[{"count":7,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/696\/revisions"}],"predecessor-version":[{"id":900,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/696\/revisions\/900"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media\/701"}],"wp:attachment":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media?parent=696"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/categories?post=696"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/tags?post=696"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}