How to Secure and Harden a VPS (CentOS/Ubuntu)

This tutorial will show you on how to secure and harden your Ubuntu or CentOS VPS.

Requirements
A Linux VPS


Protecting from Brute Force Attacks

One of the common mechanism used by a hacker to take control your online business is by initiating brute force attacks against the server and web platform like WordPress, Joomla, etc.

This can be dangerous if not taken seriously. There is two popular program you can use to protect Linux from brute force.


SSH Guard

SSHGuard monitors the running services from the system log files and blocks repeated bad login attempts.

Initially, it was meant for SSH login protection, but now it supports many others.

  • Pure FTP, PRO FTP, VS FTP, FreeBSD FTP
  • Exim
  • Sendmail
  • Dovecot
  • Cucipop
  • UWimap

You can get SSHGuard installed with the following commands.

Ubuntu:

apt-get install SSHGuard

CentOS:

wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/hornos:/centos/CentOS_CentOS-6/x86_64/sshguard-1.5-7.1.x86_64.rpm
rpm -ivh sshguard-1.5-7.1.x86_64.rpm



Fail2Ban

Fail2Ban is another popular program to protect SSH. Fail2Ban automatically update the iptables rule if failed login attempt reaches the defined threshold.

To install Fail2Ban in Ubuntu:

apt-get install fail2ban

and to install in CentOS:

yum install epel-release
yum install fail2ban

SSH Guard and Fail2Ban should be sufficient to protect SSH login. However, if you need to explore more then, you may refer the following.

 

Disable Password-based Authentication

If you log in to your server from one or two computers, then you can use SSH key based authentication.

However, if you have multiple users and often log in from multiple public computers the, it might be troublesome to exchange key every time.

So based on the situation, if you opt to disable password-based authentication, you can do it as following.

Note: this assumes you have already setup SSH key exchange.

  • Modify /etc/ssh/sshd_config using vi editor
  • Add the following line or uncomment it if exist
PasswordAuthentication no
  • Reload the SSH Daemon

 

Regular Backup

Backup is your friend! When nothing works then the backup will rescue you.

Regular Update

Keeping your VM OS up-to-date is one of the essential tasks to ensure your server is not exposed to any latest security vulnerabilities.

In Ubuntu, you can use apt-get update to ensure latest packages are installed.

In CentOS, you can use yum update


Don’t leave opened ports

Keeping unwanted opened ports like an inviting attacker to take advantage. If you are just hosting your website on your VM then most likely you need either port 80 (HTTP) or 443 (HTTPS).

  • 0 utilizatori au considerat informaţia utilă
Răspunsul a fost util?

Articole similare

How to Install CS:GO server on CentOS 7

In this tutorial I'll explain how to setup a Counter-Strike: Global Offensive server. The steps...

How to Install CS:GO server on Ubuntu

This tutorial will show you on how to install a Counter-Strike: Global Offensive Server on your...

How to Install Fail2Ban (Ubuntu/CentOS)

This tutorial will show you on how to install Fail2Ban on your Ubuntu or CentOS VPS....

How to Install Let's Encrypt (CentOS/Debian/Ubuntu)

This tutorial will show you on how to install a Let's Encrypt on your Ubuntu, Debian or CentOS...

Iptables Anti-DDoS Rules

You can use the below iptables ruleset for additional DDoS protection of your Linux server.#Drop...