How to Secure a Newly Installed Ubuntu Server
Securing your Ubuntu server immediately after installation is vital to protect it from unauthorized access and maintain system integrity. Follow this beginner-friendly checklist to harden your server:
1. Update Your System
Keep your packages up-to-date:
sudo apt update && sudo apt upgrade -y
2. Create a New User (Avoid Using Root)
sudo adduser newuser
sudo usermod -aG sudo newuser
3. Enable UFW Firewall
Allow SSH and enable UFW:
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status
4. Configure SSH
Edit SSH config:
sudo nano /etc/ssh/sshd_config
Recommended changes:
PermitRootLogin no
PasswordAuthentication no # Use only if SSH keys are set up
Port 2222 # Optional: change default SSH port
Apply changes:
sudo systemctl restart ssh
5. Set Up SSH Key Authentication
Generate keys on your local machine:
ssh-keygen
ssh-copy-id newuser@your_server_ip
6. Install Fail2Ban
Protect against brute-force login attempts:
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
7. Enable Unattended Security Updates
Install and configure:
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades
8. Disable Unused Services
List active services:
sudo systemctl list-units --type=service
Disable unneeded ones:
sudo systemctl disable service-name
9. Set Timezone and Enable NTP
sudo timedatectl set-timezone Africa/Lagos
sudo timedatectl set-ntp on
10. Configure AppArmor (Optional)
AppArmor is pre-installed on Ubuntu:
sudo apt install apparmor-profiles apparmor-utils -y
sudo aa-enforce /etc/apparmor.d/*
By following these steps, you’ll significantly enhance the security and stability of your Ubuntu server from the start.
