This tutorial will show you on how to secure and harden your Ubuntu or CentOS VPS.
A Linux VPS
Protecting from Brute Force Attacks
One of the common mechanism used by a hacker to take control your online business is by initiating brute force attacks against the server and web platform like WordPress, Joomla, etc.
This can be dangerous if not taken seriously. There is two popular program you can use to protect Linux from brute force.
SSHGuard monitors the running services from the system log files and blocks repeated bad login attempts.
Initially, it was meant for SSH login protection, but now it supports many others.
- Pure FTP, PRO FTP, VS FTP, FreeBSD FTP
You can get SSHGuard installed with the following commands.
apt-get install SSHGuard
wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/hornos:/centos/CentOS_CentOS-6/x86_64/sshguard-1.5-7.1.x86_64.rpm rpm -ivh sshguard-1.5-7.1.x86_64.rpm
Fail2Ban is another popular program to protect SSH. Fail2Ban automatically update the iptables rule if failed login attempt reaches the defined threshold.
To install Fail2Ban in Ubuntu:
apt-get install fail2ban
and to install in CentOS:
yum install epel-release yum install fail2ban
SSH Guard and Fail2Ban should be sufficient to protect SSH login. However, if you need to explore more then, you may refer the following.
Disable Password-based Authentication
If you log in to your server from one or two computers, then you can use SSH key based authentication.
However, if you have multiple users and often log in from multiple public computers the, it might be troublesome to exchange key every time.
So based on the situation, if you opt to disable password-based authentication, you can do it as following.
Note: this assumes you have already setup SSH key exchange.
/etc/ssh/sshd_configusing vi editor
- Add the following line or uncomment it if exist
- Reload the SSH Daemon
Backup is your friend! When nothing works then the backup will rescue you.
Keeping your VM OS up-to-date is one of the essential tasks to ensure your server is not exposed to any latest security vulnerabilities.
In Ubuntu, you can use
apt-get update to ensure latest packages are installed.
In CentOS, you can use
Don’t leave opened ports
Keeping unwanted opened ports like an inviting attacker to take advantage. If you are just hosting your website on your VM then most likely you need either port 80 (HTTP) or 443 (HTTPS).