Ubuntu 14.04 LTS production server hardening
Use of VPS
- ssh in
- gitlab server - remote ssh access - local https access
- x2go server - remote ssh access
- weechat runs on tmux - remote ssh access
Bryan Kennedy: First 5 Minutes On A Server
This is a basic starting point. Look at the other links here for additions or modifications.
Server security doesn’t need to be complicated. My security philosophy is simple: adopt principles that will protect you from the most frequent attack vectors, while keeping administration efficient enough that you won’t develop “security cruft”. If you use your first 5 minutes on a server wisely, I believe you can do that.
Any seasoned sysadmin can tell you that as you grow and add more servers & developers, user administration inevitably becomes a burden. Maintaining conventional access grants in the environment of a fast growing startup is an uphill battle - you’re bound to end up with stale passwords, abandoned intern accounts, and a myriad of “I have sudo access to Server A, but not Server B” issues. There are account sync tools to help mitigate this pain, but IMHO the incremental benefit isn’t worth the time nor the security downsides. Simplicity is the heart of good security.
Our servers are configured with two accounts: root and deploy. The deploy user has sudo access via an arbitrarily long password and is the account that developers log into. Developers log in with their public keys, not passwords, so administration is as simple as keeping the authorized_keys file up-to-date across servers. Root login over ssh is disabled, and the deploy user can only log in from our office IP block.
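An added example, not part of Kennedy's article: a small auditor that checks an sshd_config against the setup described above. It assumes the restrictions are enforced in sshd_config through PermitRootLogin, PasswordAuthentication and AllowUsers. The sample configs are constructed, and 203.0.113.* is a placeholder for the office IP block.

```python
# Assumption: unset keywords fall back to "yes", as in the OpenSSH shipped with Ubuntu 14.04.
DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes"}

def parse_sshd_config(text):
    """Return (settings, allow_users) for the global section of sshd_config."""
    settings, allow_users = {}, []
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "match":
            break  # assumption: conditional Match blocks are not evaluated
        if keyword == "allowusers":
            allow_users.extend(args)  # AllowUsers lines accumulate
        elif args and keyword not in settings:
            settings[keyword] = args[0].lower()  # first occurrence wins
    return settings, allow_users

def audit(text, account="deploy"):
    """List every way the config departs from the two-account setup."""
    settings, allow_users = parse_sshd_config(text)
    findings = []
    for key, default in DEFAULTS.items():
        value = settings.get(key, default)
        if value != "no":
            findings.append(f"{key} is '{value}', expected 'no'")
    if not allow_users:
        findings.append("no AllowUsers line, so logins are not limited by account or source")
    for entry in allow_users:
        user, _, host = entry.partition("@")
        if user != account:
            findings.append(f"AllowUsers admits unexpected account '{user}'")
        elif host in ("", "*"):
            findings.append(f"AllowUsers entry '{entry}' has no source restriction")
    return findings

# Constructed sample configs (not taken from any real server).
HARDENED = "PermitRootLogin no\nPasswordAuthentication no\nAllowUsers deploy@203.0.113.*\n"
WEAK = "PermitRootLogin without-password\nPermitRootLogin no\nAllowUsers deploy intern@203.0.113.*\n"

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(cfg) or "OK")
```

The WEAK sample shows why the first occurrence matters: the later `PermitRootLogin no` line is ignored because sshd keeps the first value it reads for a keyword.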
digitalocean.com: How To Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server
Justin Ellingwood: Initial Server Setup with Ubuntu 14.04
Justin Ellingwood: Additional Recommended Steps for New Ubuntu 14.04 Servers
rubytreesoftware.com: Securely Setup Ubuntu 14.04 Server
- BE YOUR OWN VPN PROVIDER WITH OPENBSD
- How to Harden and Secure SSH for Improved Security
- How to Add Protective Measures Against SSH Attacks
- Practical Guide to Basic Linux Security
- Linux 101: Hardening SSH
- Securing Debian using IPTABLES/Netfilter firewall
- DigitalOcean - Introduction to Securing your Linux VPS
- Encrypt Your Directories And Partitions With eCryptfs In Linux
- eCryptfs Home page
- dm-crypt at Wikipedia
- linoxide - How To Encrypted Root Partition / Filesystem
- LinuxUser - best file encryption software in open source