Ubuntu Security

Discussion in 'Systems Administration' started by GaIaxy, Mar 14, 2017.

  1. GaIaxy

    Supporter

    So far with my newly updated Ubuntu machine, I've done a few security deals to ensure that my server stays as safe as possible. There's a few things that I don't yet understand, but will hopefully shortly.

    Regardless, this is what I have done to my server using Ubuntu 16.10
    • Disable root
    • Create a new user account with limited access
    • Create an SSH key for that account
    • Limit connection to my IP only
    • Set to check for system updates every week, and process them if any
    • Log any failed/successful connections to an email
    Hopefully this will work! RageCraft was known for being hacked, for apparently the last owner pissed some people off. Any suggestions on what to add/change to secure this machine is greatly appreciated. If you'd like to "security check" it and try to gain access, just PM me.
     
  2. A 2FA SSH add-on might be useful
     
  3. Add an iptables firewall

    Is not a good idea, check the updates manually
     
  4. I think you did even more than what was needed. Never had hacking problems but just ssh keys are a good protection I think. Correct me if I'm wrong.
     
  5. Be very careful; if a user were to try to connect over and over again, it could send an email flood and potentially crash the server (unlikely, but still). I'd suggest looking into something like fail2ban in order to prevent such abuses.
     
    • Agree x 1
  6. //Quite offtopic
    I'm stuck from my dedi now, just when I log in I receive an "Access Denied" after it requires me the output. Should I go in rescue mode and reset root's password?
     
  7. Did you forget your root password? If so, yes, start the server in rescue mode.
     
    • Agree x 1
  8. No, I use something like MobaXTerm that stores passwords (not that safe but amen). It gets me stuck even if I also perfectly know the password.
     
  9. Just reset the password.
     
  10. Same error.
    I'll contact OVH/SYS support I guess.
     
  11. Do you have an SSH key installed in your SYS manager?
     
  12. Never found an option for them in the SYS panel.
    I appreciate your help, but I wouldn't like other users to get many notifications for problems I'm having. Can we move to PMs?
     
  13. This is undue:
    • If you lose the key? Or you need to go from your phone or another computer? Use strong passwords.
    • If you need to go out of the house or break connection to the internet?
    These two points make the server not reliable.
     
  14. Dynamic IPs are also a problem.
     
  15. Code (Text):
    sudo apt install fail2ban
    sudo nano /etc/fail2ban/jail.conf
    sudo service fail2ban restart

    Good thing, but a strong password would not be found via brute force.
     
  16. GaIaxy

    Supporter

    I've had to re-install the server sadly. Not because of anything, but because I didn't like how things ran. Regardless, I know that I can put a private key on whatever machine I'd be using. I think I will tone down the security a bit, but not sure I will get rid of ssh keys.
     
  17. Buzzzy

    Supporter

    All you really need to stop people from logging in to your backend is to just use ssh keys and disable passwords. So basically, I would just recommend not removing ssh keys.
     
    • Agree x 1
  18. GaIaxy

    Supporter

    Yeah, I'm going to keep it simple by removing root, removing passwords, using SSH keys, and changing the port.
     
    • Like x 1
  19. Buzzzy

    Supporter

    That sounds perfect to me.
     
    • Agree x 1
  20. Just to chime in here, I'd highly suggest getting Lynis for security auditing, if you know what it's telling you. It's very useful, and if you can understand what it outputs, and what to modify, it's a great tool.

    As others said, SSH key-only login, no root login, fail2ban, and the ufw firewall all help with security.
     
    • Agree x 1
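
Added example, not posted by anyone in the thread: a small Python check of an sshd_config against the plan the thread settles on (no root login, no passwords, key logins, non-default port). It resolves settings the way sshd does, so a hardened line appended after an earlier conflicting one is reported as ineffective. The function names, the sample config and the OpenSSH 7.x defaults are assumptions of this example.

```python
# Added example: checks sshd_config text against the plan from this thread.
# Assumptions: OpenSSH 7.x defaults, plain "Keyword value" lines,
# no Include directives, no quoted values.
DEFAULTS = {
    "port": "22",
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}

# keyword -> (value the thread's plan calls for, message if it differs)
EXPECTED = {
    "permitrootlogin": ("no", "root can still log in over SSH"),
    "passwordauthentication": ("no", "password logins are still accepted"),
    "pubkeyauthentication": ("yes", "key logins are disabled"),
}

def effective_settings(config_text):
    """Resolve global settings the way sshd does: keywords are
    case-insensitive and the FIRST occurrence of a keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        if keyword.lower() == "match":
            break  # lines below apply only to connections matching the block
        if args:
            seen.setdefault(keyword.lower(), args[0].lower())
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return one finding per setting that deviates from the plan."""
    s = effective_settings(config_text)
    findings = [f"{k} is '{s[k]}': {msg}"
                for k, (want, msg) in EXPECTED.items() if s[k] != want]
    if s["port"] == "22":
        findings.append("port is '22': still the default port")
    return findings

# Constructed sample: the hardened line was appended at the end,
# but the earlier 'yes' is the value sshd actually uses.
SAMPLE = """\
Port 2222
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PubkeyAuthentication no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

The same function accepts the output of `sudo sshd -T`, which prints the settings sshd has already resolved as lowercase "keyword value" lines.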