Setting Up a Basic Level of Security for Your Linux VPS

Secure your Linux VPS (Virtual Private Server) now to protect web services, databases and cloud applications from cyber threats. A VPS is a remotely accessible server environment, so implement basic security measures to reduce the risk of unauthorised access, data breaches and service disruptions.

This article will explore the essential steps to secure a Linux VPS, covering SSH hardening, firewall configuration, user management, software updates, and monitoring strategies. These measures provide a strong foundational security level for any Linux-based server.

Secure Remote Access with SSH Hardening

One of the first steps in securing a VPS is configuring SSH (Secure Shell), as it is the primary method for remote server access.

Change the Default SSH Port

By default, SSH runs on port 22, which is frequently targeted by brute-force attacks. Changing this port reduces the number of automated attacks. To modify the port - open the SSH configuration file:

    sudo nano /etc/ssh/sshd_config

Locate the line:

    #Port 22

Change it to an uncommon port, such as 2222:

    Port 2222

Restart SSH service:

    sudo systemctl restart sshd

Disable Root Login

Allowing root login via SSH is a major security risk. Instead, create a regular user with sudo privileges and disable root access.

Add a new user:

    sudo adduser secureuser
    sudo usermod -aG sudo secureuser

Disable root SSH login. Edit /etc/ssh/sshd_config and set:

    PermitRootLogin no

Restart SSH service:

    sudo systemctl restart sshd

Use SSH Key Authentication

Using SSH keys instead of passwords significantly enhances security. Generate an SSH key pair on your local machine:

    ssh-keygen -t rsa -b 4096

Copy the public key to the server:

    ssh-copy-id -p 2222 secureuser@your_vps_ip

Disable password authentication in /etc/ssh/sshd_config:

    PasswordAuthentication no

Restart SSH service:

    sudo systemctl restart sshd

Configure a Firewall

A firewall helps block unauthorized access while allowing necessary services to function.

Using UFW (Uncomplicated Firewall)

Install UFW if not already installed:

    sudo apt install ufw

Allow necessary services:

    sudo ufw allow 2222/tcp
    sudo ufw allow 80/tcp
    sudo ufw allow 443/tcp

Enable the firewall:

    sudo ufw enable

Check firewall status:

    sudo ufw status verbose

Other useful articles in our Blog:

    - Working with Linux Logs: journalctl, grep, awk, and sed

    - Top 5 Linux Virtual Machine Software for Your Virtualization Needs

    - TOP 6 Linux Distributions for VPS

    - Manually remount fstab without rebooting the Linux server

Keep the System Updated

Regular updates help mitigate vulnerabilities.

Update the System

On Debian-based systems:

    sudo apt update && sudo apt upgrade -y

On RHEL-based systems:

    sudo yum update -y

Enable Automatic Security Updates

For Debian/Ubuntu:

    sudo apt install unattended-upgrades
    sudo dpkg-reconfigure unattended-upgrades

Manage User Access and Permissions

Create a Limited User

Instead of performing all actions as root, use a standard user account with sudo privileges.

    sudo adduser newuser
    sudo usermod -aG sudo newuser

Use the Principle of Least Privilege

Restrict permissions using chmod and chown to ensure users only have access to necessary files.

For example:

    chmod 700 /home/user/private_folder
    chown user:user /home/user/private_folder

Install and Configure Fail2Ban

Fail2Ban helps protect against brute-force attacks by banning IPs with multiple failed login attempts.

Install Fail2Ban:

    sudo apt install fail2ban

Create a local configuration file:

    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit /etc/fail2ban/jail.local and configure SSH settings:

    [sshd]
    enabled = true
    port = 2222
    maxretry = 5
    bantime = 600

Restart Fail2Ban:

    sudo systemctl restart fail2ban

Monitor System Activity

Enable Log Monitoring

Checking logs helps detect suspicious activities.

View authentication logs:

    sudo cat /var/log/auth.log

Monitor system logs:

    sudo journalctl -xe

Use Intrusion Detection Tools

Install tools like rkhunter to scan for rootkits:

    sudo apt install rkhunter
    sudo rkhunter --update
    sudo rkhunter --check

Conclusion

Set up a basic level of security for your Linux VPS by securing remote access, configuring firewalls, managing users, enabling automatic updates and monitoring system logs. These steps will significantly reduce vulnerabilities and create a strong foundation for further security enhancements. Regular audits and continuous monitoring are necessary to maintain a secure environment for any server in production.