Originally posted on my blog
A virtual private server (VPS) is a virtual machine sold as a service by an Internet hosting service. The virtual dedicated server (VDS) also has a similar meaning.
In the modern world, It's impossible to feel 100% secure and safe, vulnerabilities are everywhere.
The security industry is one of the fastest growing industries in the world today, every day compagnies complain about hacking or some security issue, what ever the size of your company you must be conscience about hacking and hacker.
In this modern age, security is very important.
Security should be one of your priorities, physics and logics.
In this article i will share with you some tips to secure your VPS server.
Three reason to upgrade your system
1- Get full advantages of new features and functionalities
2- Bug fixes and Security improvement
3- Remove some outdated packages
Before you update your system make sure you have created a new user different of the default user AKA root.
$ ssh root@<your.ip.address>
$ adduser <username>
$ usermod -aG sudo <username>
SSH keys provide a more secure way of logging into a server with SSH than using a password alone.
Do this in your machine and hit enter all the way through it will generate a public and private key.
Copy the public key
$ cat ~/.ssh/id_rsa.pub
In your server
$ cd /home/username/ $ mkdir .ssh cd .ssh nano authorized_keys Paste the key and hit "ctrl-x", hit "y" to save and "enter" to exit
$ ssh username@<your.ip.address>
Run this command to update the packages :
$ sudo apt update $ sudo apt upgrade
Security expert highly recommended to not use root user .
$ sudo nano /etc/ssh/sshd_config
PermitRootLogin no PasswordAuthentication no
$ sudo systemctl reload sshd
In this article i use ufw firewall, is very easy to setup and it's good for most use cases.
See which apps are registered with the firewall
$ sudo ufw app list
$ sudo ufw allow OpenSSH
$ sudo ufw status
Fail2ban is a log-parsing solution that monitors system logs for symptoms of an automated attack on your Server.
Basically, Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc.
$ apt-get install fail2ban
The system will start automatically
In order to get it work right you need to configure it and the article can't cover all the details, you can find online resources.
Thank you for reading.
Any tips, idea or suggestion ?