Linux Hardening - How to Secure Ubuntu

Question

Octet 45 Newbie Poster

12 Years Ago

I have Ubuntu 12.04 installed on my home web server which I am hoping to use to host my website in the near future. Security is obviously paramount, and is my primary concern at the moment.

What is there that can be done to help prevent attacks?
My current setup is as follows:

Routers in built firewall, of which only HTTP and SSH (80 and 22) are allowed through which goes directly to the server.
Ubuntus UFW is enabled, again allowing only HTTP and SSH.
Strong passwords, and encrypted HDD
Fail2Ban Intrusion Detection System
Security updates released by Ubuntu
Disabling Root SSH Login
Restricting access to folders of the site itself
Preventing Apache from disclosing information about itself

Is there anything else which I can do to help protect my LAMP and SSH server and from a glance, how secure does it appear?
My guess is that the main problem shall end up being SQL Injection, but still the server needs to be secure.

Thanks

ubuntu

Edited 12 Years Ago by Octet because: Added additional information.

4 Contributors
5 Replies
306 Views
1 Year Discussion Span
Latest Post 11 Years Ago Latest Post by mboelen

rubberman 1,355 Nearly a Posting Virtuoso

12 Years Ago

You can use iptables to further firewall your servers, and enable SELinux extensions (Security Enhanced Linux), which can very much harden your systems. SELinux was originally developed by the US National Security Agency, and is (or should be) used on all high-security government systems.

ayush1440 0 Newbie Poster

12 Years Ago

Hi,

I am guesing that you require ssh access from public thats why you open SSH from firewall. I am using DenyHosts for dictionary attack as well as strong security policy. DenyHosts is really very helpful. Also I am using KeePass for making strongest password.

I think that will helpful.

Sorry for bad english.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Octet 45 Newbie Poster Featured Poster · Answer 1 · 2012-08-01T10:51:37+00:00

Thank you, looking at SELinux at the moment but all I can find online about it is people wanting to disable it?

Octet 45 Newbie Poster Featured Poster · Answer 2 · 2012-08-03T11:19:26+00:00

Yep, I do require SSH from public IPs as I could be travelling and so I can't setup a whitelist. I shall look into DenyHosts and KeePass however I think Fail2Ban has a DenyHosts style feature with it. If the password is incorrect three times it shall block the IP.

mboelen 0 Newbie Poster · Answer 3 · 2013-10-15T07:15:32+00:00

For people finding this older (useful) thread. I suggest to try my tool Lynis, for hardening your systems: http://www.rootkit.nl/projects/lynis.html