Tips for Securing a Linux Server or VPS

Ferdian Alfianto

Ferdian Alfianto is an Internet enthusiast and Mac lover who likes using WordPress, experimenting with Linux (especially Debian and Ubuntu), tinkering with pfSense routers, and experimenting with LEMP (Linux, Nginx, MariaDB, PHP) and Redis.

The server or VPS that hosts our website is connected to the Internet, so anyone can reach it. To protect it from unauthorized access, we need to secure it. We will set up a firewall, SSH key pair authentication and an automatic blocking system called Fail2Ban. With the steps below, our server or VPS should be protected from attacks by irresponsible parties.

Non-Root Login

root is a very powerful user on a Linux machine. The problem with being logged in as root is that we can execute any command, both standard commands and commands that can destroy our server! It is therefore better not to log in to the server or VPS as root, but to create another user and use it when working on the server or VPS. Even when logged in as a non-root user, we can still execute root commands by using sudo.

Here's how to create a new non-root user:

  1. Log in to the server or VPS as root, as usual.
  2. Install the sudo program if it is not already installed, with the following command:
    apt-get install sudo
  3. Create a new user with the following command. Replace user_baru with the username we want:
    adduser user_baru
  4. Add the new user to the system administrators (admin) group using the following command. Replace user_baru with the user we created earlier:
    usermod -a -G sudo user_baru
  5. Then we exit root so we can log in with the user we just created, with the command:
  6. Now we log in again to our server or VPS with the new user.


Now you can manage the server using the username you just created, without having to be root. If you want to execute a superuser command (as root), add sudo in front of the command. For example, if you want to update the server, use the command sudo apt-get update. Almost all superuser commands can be executed using sudo, and all commands executed with sudo are recorded in /var/log/auth.log.

Disable Root Login & Change the SSH Port

Because we have created a new user with sudo capabilities for SSH login, it is a good idea to disable root login and change the default SSH port. This increases security and minimizes attacks.

  1. The first step is to open the SSH configuration file for editing using the following command:
    sudo nano /etc/ssh/sshd_config
  2. Change PermitRootLogin to no, as shown below:
    PermitRootLogin no
  3. Change the SSH port from 22 to another port, for example 3342. Look for the Port 22 line and replace 22 with the port of your choice.
    Port 3342
  4. Save the configuration that we have changed by pressing the keyboard button Ctrl-X, and then Y.
  5. Restart SSH using the following command:
    sudo service ssh restart

    After restarting SSH, the new configuration will be used by SSH.

Creating a Firewall

Next we will create a firewall to limit or block unwanted inbound traffic. The following firewall configuration is a simple example, which only opens ports 80 (HTTP), 443 (HTTPS) and 3342 (the SSH port that we previously changed from the default port 22). You can freely change the configuration according to the server's needs.

  1. First, check the current firewall configuration using the command:
    sudo iptables -L
  2. Look at the output. If you have never edited the firewall before, you will see an empty ruleset, as shown below:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
  3. Create a file to store our firewall configuration, with the command:
    sudo nano /etc/iptables.firewall.rules
  4. Now enter the firewall rules into the iptables.firewall.rules file that you created above.
  5. Save the above configuration by pressing Ctrl-X, and then Y.
  6. Activate the firewall by running the following command:
    sudo iptables-restore < /etc/iptables.firewall.rules
  7. Double-check the firewall configuration with the command:
    sudo iptables -L
  8. Check the output. The new ruleset will look like this:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    REJECT     all  --  anywhere             reject-with icmp-port-unreachable
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:www
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
    ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
    LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
  9. To make sure the firewall configuration is loaded every time the server restarts, we must create a new script with the command:
    sudo nano /etc/network/if-pre-up.d/firewall
  10. Copy and enter the following lines:
    #!/bin/sh
    /sbin/iptables-restore < /etc/iptables.firewall.rules
  11. Press Ctrl-X and then Y to save the script.
  12. Make our script executable with the command:
    sudo chmod +x /etc/network/if-pre-up.d/firewall

    The firewall is now installed and will protect our server. Remember, you have to change the above configuration if you install new software. For example, if you install a DNS service, you will have to open port 53.
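The following is an added example, not taken from the original article: a ruleset that could be entered in step 4, built to match the listing in step 8 and the ports named above. The function name gen_firewall_rules, the loopback rule for 127.0.0.0/8 and the log prefix are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that allows only HTTP,
# HTTPS and SSH on the port passed as $1 (3342 in this tutorial).
gen_firewall_rules() {
    ssh_port=$1
    # Accept only a plain decimal port number between 1 and 65535.
    case $ssh_port in
        ''|0*|*[!0-9]*|??????*) echo "invalid SSH port: $ssh_port" >&2; return 1 ;;
    esac
    if [ "$ssh_port" -gt 65535 ]; then
        echo "invalid SSH port: $ssh_port" >&2; return 1
    fi
    cat <<EOF
*filter
# Allow loopback traffic; reject traffic to 127.0.0.0/8 that does not use lo.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accept packets that belong to connections that are already established.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic.
-A OUTPUT -j ACCEPT
# Web traffic.
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# New SSH connections on the custom port.
-A INPUT -p tcp -m state --state NEW --dport $ssh_port -j ACCEPT
# Allow ping.
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Log denied packets (rate limited), then reject everything else.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF
}

# Print the ruleset for the SSH port used in this tutorial.
gen_firewall_rules 3342
```

The output can be written to the rules file with `gen_firewall_rules 3342 | sudo tee /etc/iptables.firewall.rules`. Keep the current SSH session open until a new login on the new port has succeeded.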

Install Fail2Ban

Fail2Ban is an application that detects repeated login attempts to our server and creates a temporary firewall rule to block the attacker's IP address. Fail2Ban can monitor various protocols, such as SSH, HTTP and SMTP, but by default it only monitors SSH.

Here's how to install Fail2Ban:

  1. Install Fail2Ban by using the command:
    sudo apt-get install fail2ban
  2. By default, Fail2Ban protects SSH as soon as it is installed, and no other steps are needed. If you want to change the default configuration of Fail2Ban, you can create a new jail.local file with the following command:
    sudo nano /etc/fail2ban/jail.local
  3. Set the bantime variable to control how long the block is applied (in seconds).
  4. Set the maxretry variable to limit the number of login attempts that can be made before an IP address is blocked.
  5. Press Ctrl-X and then Y to save the configuration.

Fail2Ban will now monitor our SSH server. If someone fails to log in to our server several times, Fail2Ban will block the attacker's IP address and record it in /var/log/fail2ban.log.
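Because the SSH port was moved to 3342 earlier, sshd_config, the firewall rules file and the Fail2Ban jail all have to name the same port. The check below is an added example, not part of the original article; the function names, the [sshd] jail name and the sample file contents are assumptions of this example.

```shell
#!/bin/sh
# Added example: check that sshd, the firewall rules file and the Fail2Ban
# jail agree on the SSH port, and that root login is disabled.

# Value of the first uncommented KEYWORD line (sshd uses the first it finds).
sshd_value() {      # usage: sshd_value KEYWORD FILE
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Port configured in the [sshd] section of a Fail2Ban jail file.
# Assumption: the jail is named [sshd]; older packages call it [ssh].
jail_port() {       # usage: jail_port FILE
    awk '{ gsub(/[ \t]/, "") }
         /^\[/ { in_sshd = ($0 == "[sshd]"); next }
         in_sshd && /^port=/ { sub(/^port=/, ""); print; exit }' "$1"
}

audit_ssh_port() {  # usage: audit_ssh_port SSHD_CONFIG RULES_FILE JAIL_FILE
    fail=0
    port=$(sshd_value Port "$1")
    port=${port:-22}            # sshd listens on 22 when no Port line is set
    [ "$(sshd_value PermitRootLogin "$1")" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not 'no'"; fail=1; }
    grep -Eq -- "^-A INPUT .*--dport $port .*-j ACCEPT" "$2" ||
        { echo "FAIL: firewall does not accept tcp/$port"; fail=1; }
    # Exact match only: a port list or a service name counts as a mismatch.
    [ "$(jail_port "$3")" = "$port" ] ||
        { echo "FAIL: Fail2Ban sshd jail does not cover port $port"; fail=1; }
    return $fail
}

# Constructed sample files (not from a real server) so the check runs offline.
# The jail still says "port = ssh", so port-based bans would cover port 22 only.
demo() {
    d=$(mktemp -d)
    printf 'Port 3342\nPermitRootLogin no\n' > "$d/sshd_config"
    printf '%s\n' '-A INPUT -p tcp -m state --state NEW --dport 3342 -j ACCEPT' \
        > "$d/rules"
    printf '[sshd]\nport = ssh\nbantime = 600\nmaxretry = 3\n' > "$d/jail.local"
    audit_ssh_port "$d/sshd_config" "$d/rules" "$d/jail.local"; result=$?
    rm -rf "$d"
    return $result
}
demo || echo "audit found problems (expected for this sample)"
```

On a real server the three arguments would be /etc/ssh/sshd_config, /etc/iptables.firewall.rules and /etc/fail2ban/jail.local.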

Install (D)DoS Deflate

(D)DoS Deflate is a lightweight bash shell script designed to assist in blocking DoS (Denial of Service) attacks.

The installation process is very easy, here are the steps:

  1. Download the (D)DoS Deflate script with the following command:
  2. Then chmod the installation script with the command:
    chmod 0700
  3. Run the installation script
  4. To exit the readme display, type the command
    :q

Done! Your server is protected from Denial of Service attacks by using (D)DoS Deflate!

