Results 1 to 4 of 4
I'm using (nearly current releases of) Ubuntu Server (32bit and 64bit) although I might swap Ubuntu for a BSD later. The machines listen on an arbitrary port for binary streams, ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 06-07-2012 #1
- Join Date
- Jun 2012
How do I harden Ubuntu server?
I'm using (nearly current releases of) Ubuntu Server (32bit and 64bit) although I might swap Ubuntu for a BSD later.
The machines listen on an arbitrary port for binary streams, they listen for SSH, they send ICMP echo-requests as heartbeats.
Where can I learn about hardening my servers? Tips and links would be appreciated
- 06-07-2012 #2
A good starting point and then hit it with something like backtrack and fix all the vulnerabilities it finds
- 08-21-2012 #3
Hey there stormbind,
See the following steps for hardening Ubuntu server:
- Check that a firewall is up - on your Ubuntu server or in front of it. Now set port 80 to be open both directions but limit the number of connections to one IP.
- Set root so it cannot log in via ssh, and now secure ssh so only private interface connections are permitted.
- Next, check that only wheel group users can do su, google can help here.
- Perform backups.
- Install or set up an IDS.
- Install ClamAV.
- Consider adding a log parser for convenience.
Additionally, following are general guidelines for server hardening:
- Only use secure protocols.
- Eliminate unnecessary software on the server.
- Keep OS and security patches up to date.
- Use strong passwords, changing them regularly.
- Disable root login unless necessary.
- Unnecessary ports should be closed and unnecessary services disabled.
- Utilize system firewall as well as install hardware firewall if possible.
- Maintain proper backups.
- Use brute force and intrusion detection systems.
- Maintain server logs and monitor suspicious activity on your server
- Limit users’ access according to user needs.
Last edited by NomiUnger; 08-22-2012 at 01:25 PM.
- 08-22-2012 #4
If you're good enough to adapt it, this is the best: