Applying all security measures may appear overwhelming, but it only takes a few moments to accomplish a single step, and the benefits to your Linux VPS server are priceless. The procedures highlighted below are the bare minimum that you can do to defend your server from common threats. More elaborate measures can be applied after you have mastered these basics. I have included commands for Ubuntu/Debian and CentOS systems where relevant.

Step 1: Access Server Monkey Dashboard

Get to your Server Monkey control panel and go to the VPS management section. From there, select your active VPS to start the security hardening procedure.

Step 2: Update System Packages

Use your preferred a SSH tool to log into your server and run “apt upgrade” for Ubuntu/Debian and “yum update” for CentOS to update all relevant packages. Your server’s software is now fully up to date, which lowers the chances of bugs being rooted.

Bash
 
 
# Ubuntu/Debian sudo apt update && sudo apt upgrade -y # CentOS/RHEL sudo yum update -y
 

Step 3: Create Non-Root User

Create a new user account with sudo privileges for daily administration tasks. Never use the root account for regular server management activities.
Bash
 
 
sudo adduser newuser sudo usermod -aG sudo newuser
 

Step 4: Configure SSH Security

Edit the SSH configuration file to enhance security by changing the default port and disabling root login. Always test SSH changes before closing your current session.
Bash
 
 
sudo nano /etc/ssh/sshd_config
 

Step 5: Enable Firewall Protection

Configure and enable the firewall to control network traffic to your server. Allow only necessary ports and services for your specific use case.
Bash
 
 
# Ubuntu/Debian sudo ufw enable sudo ufw default deny incoming sudo ufw allow 22/tcp # CentOS/RHEL sudo firewall-cmd --permanent --add-service=ssh sudo firewall-cmd --reload
 

Step 6: Remove Unnecessary Services

Identify and remove unused services and packages to reduce the attack surface. Only keep services that are essential for your server's function.
Bash
 
 
# List installed packages dpkg --list | grep -i telnet sudo apt remove telnet-server xinetd

Step 7: Configure Automatic Updates

Set up automatic security updates to ensure your system stays protected against known vulnerabilities. Configure email notifications for update status.
Bash
 
 
sudo apt install unattended-upgrades sudo dpkg-reconfigure unattended-upgrades
 

Step 8: Set Up Fail2Ban Protection

Install and configure Fail2Ban to automatically block IP addresses that show malicious behavior. This protects against brute force attacks on SSH and other services.
Bash
 
 
sudo apt install fail2ban sudo systemctl enable fail2ban sudo systemctl start fail2ban
 
 
 
 
 
 
Important Notes:
Always test SSH configuration changes before closing your current session
Keep a backup of configuration files before making changes
Monitor system logs regularly for suspicious activity
Use strong passwords and consider SSH key authentication
Regularly review and update your security configurations
這篇文章有幫助嗎? 0 用戶發現這個有用 (0 投票)

熱門文章

How to Change the Default SSH Port on Your Linux VPS

Securing your server from automated brute force attacks can be achieved by changing the default...
How to Enable Two-Factor Authentication (2FA) in skmcloud

Two-Factor Authentication (2FA) adds an extra layer of security to your SMKCloud account. By...