How do I harden Ubuntu server?

[stormbind]

I'm using (nearly current releases of) Ubuntu Server (32bit and 64bit) although I might swap Ubuntu for a BSD later.

The machines listen on an arbitrary port for binary streams, they listen for SSH, they send ICMP echo-requests as heartbeats.

Where can I learn about hardening my servers? Tips and links would be appreciated

[elija]

A good starting point and then hit it with something like backtrack and fix all the vulnerabilities it finds

[NomiUnger]

Hey there stormbind,

See the following steps for hardening Ubuntu server:

1. Check that a firewall is up - on your Ubuntu server or in front of it. Now set port 80 to be open both directions but limit the number of connections to one IP.
2. Set root so it cannot log in via ssh, and now secure ssh so only private interface connections are permitted.
3. Next, check that only wheel group users can do su, google can help here.
4. Perform backups.
5. Install or set up an IDS.
6. Install ClamAV.
7. Consider adding a log parser for convenience.

Additionally, following are general guidelines for server hardening:

• Only use secure protocols.
• Eliminate unnecessary software on the server.
• Keep OS and security patches up to date.
• Use strong passwords, changing them regularly.
• Disable root login unless necessary.
• Unnecessary ports should be closed and unnecessary services disabled.
• Utilize system firewall as well as install hardware firewall if possible.
• Maintain proper backups.
• Use brute force and intrusion detection systems.
• Maintain server logs and monitor suspicious activity on your server
• Limit users’ access according to user needs.

Good luck
Nomi

[Quantum]

If you're good enough to adapt it, this is the best:
nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf