Secure your server against common threats with these security hardening steps.
SSH Security
Change Default SSH Port
Edit /etc/ssh/sshd_config:
Port 2222
Restart SSH:
systemctl restart sshd
Disable Root Login
In /etc/ssh/sshd_config:
PermitRootLogin no
Use SSH Keys Only
PasswordAuthentication no
PubkeyAuthentication yes
Limit SSH Access
AllowUsers yourusername
Firewall Configuration
UFW (Ubuntu)
ufw default deny incoming
ufw default allow outgoing
ufw allow 2222/tcp # SSH
ufw allow 80/tcp # HTTP
ufw allow 443/tcp # HTTPS
ufw enable
Firewalld (CentOS)
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-port=2222/tcp
firewall-cmd --reload
Fail2Ban
Protect against brute force attacks:
apt install fail2ban
systemctl enable fail2ban
systemctl start fail2ban
Configure /etc/fail2ban/jail.local:
[sshd]
enabled = true
port = 2222
maxretry = 3
bantime = 3600
System Updates
Automatic Security Updates
Ubuntu:
apt install unattended-upgrades
dpkg-reconfigure unattended-upgrades
Secure Shared Memory
Add to /etc/fstab:
tmpfs /run/shm tmpfs defaults,noexec,nosuid 0 0
Disable Unused Services
List running services:
systemctl list-units --type=service --state=running
Disable unnecessary services:
systemctl disable service-name
Install Security Tools
Rkhunter (Rootkit Hunter)
apt install rkhunter
rkhunter --check
ClamAV (Antivirus)
apt install clamav
freshclam
clamscan -r /var/www
Monitor Logs
Important logs to monitor:
- /var/log/auth.log — Authentication attempts
- /var/log/syslog — System events
- /var/log/apache2/ — Web server logs
Regular Audits
- Review user accounts monthly
- Check for unusual processes
- Monitor network connections
- Review firewall rules
- Update all software regularly
Tags:#security#hardening#vps#dedicated#firewall