VPS Security

VPS security is an important topic. Unsecured instances become zombies and will be abused for bot networks and other creative tasks.
There are countless pages on the internet, and this is just another one. It’s primarily for myself, so I will know what to do when I change my hosting company the next time!

VPS Security 1: Create a non-root account

First of all, we need to create a non-root account.
That’s a quick one.

The first command will create the actual user and asks for a little more input. The only significant bit is the password.
And yes, that’s a super-creative name. Please do come up with something on your own!

adduser root2

Now we add the user to an elevated group:

usermod -aG sudo root2

Switch user to root2 and ensure SSH access:

su - root2
mkdir ~/.ssh
chmod 700 ~/.ssh

Now try to see if you can log in with the account over SSH and shoot a command that requires sudo.

sudo apt update

All working fine? Good, let’s move on.

VPS Security 2: Securing SSH

Use the root2 account and adjust the SSH settings:

sudo nano /etc/ssh/sshd_confi g

Uncomment “#Port 22” and change the SSH port to something else, maybe 55522.
Scroll down further and change PermitRootLogin from “yes” to “no.”

Exit the file and issue an SSH restart:

sudo systemctl reload sshd

VPS Security 3: Install and enable the firewall

The next step is to increase VPS Security is to install the firewall:

sudo apt install ufw -y

And we’re going to set up a few rules.
We allow inbound HTTP, HTTPS, and SSH with our new port, everything else from the outside is locked, but we’re still okay with sending:

sudo ufw allow 55222
sudo ufw allow http
sudo ufw allow https
sudo ufw default deny incoming
sudo ufw default allow outgoing

Finally, enable the FW:

sudo ufw enable

VPS Security 4: Fail2ban

Fail2ban will automatically block repeated attempts to break into the box.
The installation is simple:

sudo apt install fail2ban -y

We’re going to copy the configuration file:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

And apply some edits:

sudo nano /etc/fail2ban/jail.local

Search for bantime, findtime, maxretry and adjust them to your requirements, like here in the screenshot:

VPS Security

Also, enable SSHD protection, and don’t forget to use the new port:

The last step is to restart the service:

sudo service fail2ban restart

That should do. Sure, there’s always more you could do, but these simple measures will keep all the bots and script users at bay.

Of course, you need a backup, too!

More technology posts:

Fail2Ban settings

VPS Security

VPS security is an important topic. Unsecured instances become zombies and will be abused for…

Read More
IT Pro Day 2021

IT Pro Day 2021: Orangematter

I’ve written a new article on our corporate blog, celebrating IT Pro Day 2021:https://orangematter.solarwinds.com/2021/09/01/it-pros-to-the-world-bring-it-on/ It’s…

Read More
1 2 3 4 5

Leave a Comment

Your email address will not be published. Required fields are marked *