Secure your server
This guide presents the essential steps to secure your server.
Prerequisites
- SSH root or sudo access
Security steps
-
Update the system:
apt update && apt upgrade -y -
Create a non-root user:
adduser votre_utilisateur
usermod -aG sudo votre_utilisateur -
Configure SSH securely:
nano /etc/ssh/sshd_configModify these lines:
PermitRootLogin no
PasswordAuthentication no
Port 2222 # Change the default port -
Install and configure a firewall:
apt install ufw
ufw default deny incoming
ufw default allow outgoing
ufw allow 2222/tcp # Your SSH port
ufw enable -
Install Fail2ban:
apt install fail2ban -
Configure automatic updates:
apt install unattended-upgrades
dpkg-reconfigure --priority=low unattended-upgrades
Recommended checks
- Test SSH connection with the new user
- Check firewall status:
ufw status - Monitor logs:
tail -f /var/log/auth.log
Best practices
- Change passwords regularly
- Monitor system logs
- Perform regular backups
- Keep the system up to date
- Use SSH keys rather than passwords
- Limit exposed services to the strict minimum
Troubleshooting
- Check system logs in
/var/log/ - Make sure essential services are active
- Check firewall rules
- Review connection attempts blocked by Fail2ban