Today, I decided to dive into something I’ve been putting off – hardening my new server. I’ve set up a few servers before, but I always feel like I’m just scratching the surface when it comes to security. So, I figured it was time to get serious.

First things first, I updated everything. Seriously, everything. I ran the update and upgrade commands to make sure all the packages were current. This is like security 101, but it’s easy to forget.
sudo apt update && sudo apt upgrade -y
Next up, I configured the firewall. I’ve used ufw before, so I stuck with that. I enabled it and set up some basic rules to allow SSH, HTTP, and HTTPS traffic. I’m not running anything else on this server, so I kept it simple.
sudo ufw enable
sudo ufw allow OpenSSH
sudo ufw allow http
sudo ufw allow https
After that, I tackled SSH hardening. This felt a little daunting at first, but it’s mostly just editing a config file. I disabled root login, since leaving it enabled is a big no-no. I also changed the default SSH port to something random, just to make it a little harder for bots to find. And, most importantly, I set up key-based authentication. No more passwords!
sudo nano /etc/ssh/sshd_config
To be honest, I spent a good chunk of time generating SSH keys and making sure they were working correctly. I copied my public key to the server and then tested the connection. It felt pretty good to log in without typing a password.
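The three sshd_config changes described above (no root login, no password logins, a non-default port) can be checked with a small script. This is an added example, not the author's own code: the sample file, the port 2222 and the function names are constructed for illustration, and the check follows sshd's rule that the first occurrence of a keyword wins.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings the post describes.

# Print the effective global value of keyword $2 in file $1, or default $3.
# sshd keeps the FIRST occurrence of a keyword, keywords are case-insensitive,
# and lines after a "Match" line are conditional, so scanning stops there.
sshd_value() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }
        { key = tolower($1) }
        key == "match" { exit }
        key == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one finding per line; return 0 only when there are none.
# Defaults passed below are OpenSSH's values when a keyword is absent.
audit_sshd() {
    findings=""
    [ "$(sshd_value "$1" PermitRootLogin prohibit-password)" = "no" ] ||
        findings="${findings}root-login-not-disabled
"
    [ "$(sshd_value "$1" PasswordAuthentication yes)" = "no" ] ||
        findings="${findings}password-auth-enabled
"
    [ "$(sshd_value "$1" Port 22)" != "22" ] ||
        findings="${findings}default-port
"
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample config: the second PasswordAuthentication line is ignored.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 2222
permitrootlogin no
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd "$SAMPLE" || echo "review the findings listed above"
```

On a live host, `sudo sshd -T` prints the effective configuration, including files pulled in through `Include`, which this file-only check does not follow.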

Then I looked at fail2ban. I had heard of this before, but never actually used it. I read the documentation, installed it, and configured it to protect my SSH port. I made sure to do a test.
sudo apt install fail2ban -y
Finally, I did some basic checks, like reviewing open ports and checking running services. I didn’t find anything unexpected, which was a relief.
I’m no security expert, but I feel like I’ve made some solid progress today. It’s definitely a learning process, and I’m sure there’s more I can do. But for now, I’m feeling a bit more confident about my server’s security.