Securing your Ubuntu server immediately after installation is vital to protect it from unauthorized access and maintain system integrity. Follow this beginner-friendly checklist to harden your server:

1. Update Your System

Keep your packages up-to-date:

sudo apt update && sudo apt upgrade -y

2. Create a New User (Avoid Using Root)

sudo adduser newuser
sudo usermod -aG sudo newuser

3. Enable UFW Firewall

Allow SSH and enable UFW:

sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status

4. Configure SSH

Edit SSH config:

sudo nano /etc/ssh/sshd_config

Recommended changes:

PermitRootLogin no
PasswordAuthentication no    # Use only if SSH keys are set up
Port 2222                    # Optional: change default SSH port

Apply changes:

sudo systemctl restart ssh

5. Set Up SSH Key Authentication

Generate keys on your local machine:

ssh-keygen
ssh-copy-id newuser@your_server_ip

6. Install Fail2Ban

Protect against brute-force login attempts:

sudo apt install fail2ban -y
sudo systemctl enable fail2ban

7. Enable Unattended Security Updates

Install and configure:

sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades

8. Disable Unused Services

List active services:

sudo systemctl list-units --type=service

Disable unneeded ones:

sudo systemctl disable service-name

9. Set Timezone and Enable NTP

sudo timedatectl set-timezone Africa/Lagos
sudo timedatectl set-ntp on

10. Configure AppArmor (Optional)

AppArmor is pre-installed on Ubuntu:

sudo apt install apparmor-profiles apparmor-utils -y
sudo aa-enforce /etc/apparmor.d/*

By following these steps, you’ll significantly enhance the security and stability of your Ubuntu server from the start.