Saturday, November 20, 2010

HOWTO : Secure your Ubuntu Server in a passive way

*** The original post is written on June 13, 2009 by me. I repost here for reference. The original post is at here. ***

Root account access warning

Add the following to the top of the file /root/.bashrc and you will be informed by email when the root account is being accessed.

echo -e "Root Shell Access on `tty` \n `w`" | mail -s "Alert: Root Access" samiux@gmail.com

You are also required to add the captioned line at the sudoers' .bashrc file.

echo -e "Sudoer Shell Access on `tty` \n `w`" | mail -s "Alert: Sudoer Access" samiux@gmail.com

Hardening SSH

The official port of SSH is 22. You can change it to any port that between 1024 and 65535. You can do it at the router or firewall and you can do it at the configure file of SSH at /etc/ssh/sshd_config. You are recommended to disable the root account login via SSH even you are using Ubuntu.

Port 65535
PermitRootLogin no


sudo /etc/init.d/sshd restart

Block all failed attempts

You are also required to install Fail2Ban in order to block all several time failed attempts.

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install fail2ban


Change the setting at /etc/fail2ban/jail.conf when necessary.

Restart the fail2ban after the changes.

sudo /etc/init.d/fail2ban restart

Finally, enable firewall and only allow necessary ports to be access.

That's all! See you.